Malware family Godless works against 90% of all Android devices

PanARMENIAN.Net - Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones, Ars Technica reports.

In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US. Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it's running on.

Once an app is installed, it waits for the device screen to turn off and then proceeds with its rooting routine. After it successfully roots the device, it installs an app with all-powerful system privileges so it can't be easily be removed. The earlier apps also install a system app that implements a standalone Google Play client that automatically downloads and installs apps. The client can also leave feedback in Google Play to fraudulently improve certain apps’ rankings.

The post went on to say that "various apps in Google Play," including utility apps such as flashlights and Wi-Fi apps and copies of popular games, contain the malicious rooting code. Trend identified only one such app by name. It was called Summer Flashlight, and had been installed from 1,000 to 5,000 times. The app was recently ejected from Google Play, but for the time being, its listing is still available in search engine caches.