“GODLESS” Malware Targets Android Users.

By d'wise one. Published in Chip-Monks, Jun 24, 2016.

Malware has targeted over 8.5 million Android devices and is spreading rapidly. Indian citizens beware!

A family of malware, popularly named ‘Godless’, has affected over 8.5 million devices in the last month. It was first reported last week by the tech website Trend Micro.

On an operating system like Android, which is widely used and has a lot of open doors across various platforms, malware is comparatively easier to develop and foster. On the other hand, an operating system like iOS, which is controlled by a single company, is comparatively safer, with stringent monitoring.

Let us introduce you to the Godless malware:

Who is it affecting? Android devices across the world are being affected by this family of malware, and about 47% of the devices reportedly affected are in India. Other countries that have seen a significant infection rate are Thailand at about 10% and Indonesia at about 11%, while the Philippines, Malaysia, Vietnam, Japan, Russia, the United States and Iran are also on the list.

The malware, detected as ANDROIDOS_GODLESS.HRX, can target virtually any Android device running Android 5.1 Lollipop or an earlier version. No effect on Android 6.0 Marshmallow has been reported yet, but one still can't say how safe that is.

How is it getting in? Malicious apps related to this threat can be found in prominent app stores, including Google Play Store. Various apps on Google Play Store contain this malware, and they range from flashlight and Wi-Fi apps to copies of popular games. One example is the flashlight app called ‘Summer Flashlight’, which carries the malware.

Not only do certain apps contain this malware, but copies of apps have been made that also carry it. A lot of clean apps on Google Play Store have corresponding malicious copies, which share the same developer certificate. What this means is that certain clean apps can be auto-updated to the malicious versions, without the users knowing what they are signing up for.

What is it doing? The malware has various exploits that can be used to root various Android-based devices. It can receive remote instructions on which app to download and silently install on mobile devices. It will then lead to users receiving unwanted applications on their devices, and then receiving unwanted ads. But that is not where the major problem lies.

The major threat that this malware poses comes from the same capability, i.e. that it can silently trigger downloads of apps on mobile devices. It can also silently set up a backdoor and be used as a tool for spying on users.

How does it do what it does? Once the malware has taken up residence on your device, it waits for your screen to be turned off before starting its rooting routine. Once it is done with the rooting routine, it drops the payload as a system app that can’t be easily removed. Malware that works this way, up to this step, has existed before.

Recently a new variant of the malware has come to notice, which fetches the exploits and the payload, and can be instructed by a remote command. This new routine ensures that the malware can bypass the security checks done by app stores, including the one done by Google Play Store.
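For readers who manage devices, here is a triage sketch added to this article (it is not Trend Micro's or Chip-Monks' code): it checks whether a device falls in the affected Android range and lists system apps that are missing from a known-clean baseline, since the payload is dropped as a system app. The sample command output, the package names and the baseline are constructed for illustration.

```python
import re

# Constructed sample data (not from a real device): output of
# `adb shell getprop` and `adb shell pm list packages -s -f`.
SAMPLE_GETPROP = """\
[ro.build.version.release]: [5.1.1]
[ro.build.version.sdk]: [22]
[ro.product.model]: [ExamplePhone]
"""
SAMPLE_SYSTEM_PACKAGES = """\
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/example_dropped.apk=com.example.unknown.service
"""
# Hypothetical baseline: system packages recorded from a known-clean image
# of the same model and build.
BASELINE = {"com.android.calculator2", "com.android.settings"}

MAX_AFFECTED_SDK = 22  # API level 22 is Android 5.1 Lollipop


def parse_getprop(text):
    """Turn `[key]: [value]` lines into a dict."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\]$", text, re.M))


def parse_system_packages(text):
    """Map package name -> APK path from `pm list packages -s -f` output."""
    packages = {}
    for line in text.splitlines():
        if line.startswith("package:") and "=" in line:
            path, _, name = line[len("package:"):].rpartition("=")
            packages[name.strip()] = path
    return packages


def triage(getprop_text, packages_text, baseline):
    """Report Android version exposure and system apps absent from baseline."""
    props = parse_getprop(getprop_text)
    sdk = int(props.get("ro.build.version.sdk", "0"))
    installed = parse_system_packages(packages_text)
    unexpected = {n: p for n, p in installed.items() if n not in baseline}
    return {
        "release": props.get("ro.build.version.release", "unknown"),
        "in_affected_range": 0 < sdk <= MAX_AFFECTED_SDK,
        "unexpected_system_apps": unexpected,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_GETPROP, SAMPLE_SYSTEM_PACKAGES, BASELINE))
```

A device that has already been rooted by malware can misreport to tools running on it, so an empty result is weak evidence of a clean device; an unexpected system app is a reason to reflash from a trusted image.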

Is there a solution? No immediate solution on an individual level can be stated just yet. We hope to have one soon, and will keep you posted.

Is anyone doing anything? Trend Micro, the ones to initially report the malware, have reportedly also informed Google, the company behind the Android operating system, about the malware. Google should be taking appropriate action soon if it hasn’t already started. Dealing with a problem on this level, however, can certainly be expected to be quite tough, if not next to impossible altogether.

How to save yourself? There isn’t much one can do to save themselves other than be careful. Have a mobile security solution that can mitigate mobile malware, if you don’t already have one. Avoid updating your apps for a while, and if updating is set to automatic, turn it off.

“When downloading apps, regardless if it’s a utility tool or a popular game, users should always review the developer. Unknown developers with very little or no background information may be the source of these malicious apps”, says Veo Zhang, Mobile Threat Analyst.

Also, make sure you don’t download any apps from any unknown stores, and stick to the popular and trusted ones like Amazon and Google Play Store.

Originally published at Chip-Monks.
