It is no news that the Google Play
Store is swamped with malicious apps that could entice users into downloading
them. What is news is that the number of malicious apps in the Google Play Store has
increased tremendously. Researchers at Trend Micro recently detected a
family of malicious apps, dubbed 'Godless,' that has the capability of secretly
rooting almost 90 percent of all Android phones.
The malicious apps are
distributed via different methods and a variety of app stores, including the Google
Play Store, which is usually considered a safe option for downloading apps.
The malicious apps packed with
Godless contain a collection of open-source or leaked Android rooting exploits
that work on any device running Android 5.1 Lollipop or earlier.
Because the Android ecosystem is so
broken, around 90 percent of all Android devices are vulnerable to this
malicious software. Godless apps have already been installed on more than
850,000 devices worldwide so far.
Rooting a device could expose a
user to several security risks, as it practically opens the door to unwanted
access, hardware failure, data leaks, information theft, and so on if the
developer has malicious intent.
Based on the source code they
analyzed, Trend Micro researchers say that once an app with Godless malware is
installed on a victim’s device, it uses a framework known as
"android-rooting-tools" to gain root access to the victim's device.
From there, the malware will
make sure the victim's screen is turned off before executing the malicious
code.
Here's what a Godless-Packed
App can do to your Device:
Once Godless has gained root
privileges, it starts communicating with a command and control (C&C)
server, from which it gets a list of apps to be installed on the rooted device
and installs them without the user's knowledge. All of this can be done
remotely as well.
"With root privilege, the
malware can then receive remote instructions on which app to download and
silently install on mobile devices," Trend Micro says. "This can then
lead to affected users receiving unwanted apps, which may then lead to unwanted
ads. Even worse, these threats can also be used to install backdoors and spy on
users."
The researchers say the malware
has the ability to bypass security checks done by the Google Play store and other
online app stores.
Although there are several apps
in Google Play, including utility apps like flashlights, Wi-Fi apps, and
popular game apps, that contain the malicious Godless code, Trend Micro had
identified only one such Android app by name.
Dubbed Summer Flashlight, the
malicious app had been installed from 1,000 to 5,000 times, and was recently
removed from the Google Play store, but it's still listed in search engine
caches for the time being.
Godless is the latest Android
malware to use rooting exploits in order to gain a persistent foothold on
victims' handsets. Based on the graphic, most victims are located in India,
followed by Indonesia, and Thailand (9.47 percent). The US also has around
17,000 Godless downloads.
"Unknown developers with
very little or no background information may be the source of these malicious
apps," Trend Micro notes.
So, in order to avoid becoming a
victim of one such app, Android users are advised to avoid using third-party
app stores and to always "review the developer" when downloading apps,
even from Google’s official store.
Culled from: The Hacker News