New ‘Godless’ Malware Targets Android Mobile Devices

Android users have reason to fear "Godless," a new family of malware targeting mobile Android devices that has been detected by digital security firm Trend Micro, the company said yesterday. The malware, named after the ANDROIDOS_GODLESS.HRX filename it uses, relies on multiple exploits to root users' devices.

"Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier," according to Veo Zhang, mobile threats analyst at Trend Micro. "As of this writing, almost 90 percent of Android devices run on affected versions," Zhang wrote in a blog post yesterday. "Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide."

Bypassing Security Checks

According to Trend Micro, Godless is similar to an exploit kit. Both use a type of open source rooting framework called android-rooting-tools. Zhang said that the framework has various exploits in its arsenal that it can use to root a number of different Android-based devices. The two most prominent vulnerabilities targeted by the rooting kit are CVE-2015-3636 (used by the PingPongRoot exploit) and CVE-2014-3153 (used by the Towelroot exploit).

By gaining root privilege, Godless can connect to a command-and-control (C&C) server capable of delivering remote instructions that force the device to download and install additional apps without the user's knowledge. At best, a user receives unwanted apps on the phone. At worst, the same technique can be used to install a backdoor or spy on the user.

Zhang said that a hacker can use that capability to design a malicious app containing a local exploit binary to fetch the payload from the C&C server, allowing the malicious app itself to pass security checks performed by app stores such as Google Play....
