Antivirus provider Trend Micro has named this family of malware apps Godless. Some of them are available in Google Play. They contain malicious code capable of secretly rooting almost all phones running Lollipop (5.1) or earlier. This includes an estimated 90 percent of all Android phones.
After achieving root, a Godless app may:
● respond to remote instructions
● install unwanted apps
● install backdoors
● spy on users
http://arstechnica.com/security/2016/06/godless-apps-some-found-in-google-play-root-90-of-android-phones/
What you can do to protect yourself:
● update to a version of Android more recent than Lollipop – if available for your device
● avoid using third-party app stores – apart from Amazon
● avoid apps from unknown developers
● install a check root app – there are a number on Google Play – their purpose is to allow a user to determine if a device has been successfully rooted – it won't provide any protection against a Godless infection, but will allow you to determine if your phone has become a victim – unless you have rooted the phone yourself
/ Godless apps Google Play root 90% of Android phones malware family packages large number of exploits give all-powerful root access researchers detected family of malicious apps some available Google Play contain malicious code secretly rooting estimated 90 percent Android phones recently published blog post antivirus provider Trend Micro Godless malware family has been dubbed collection of rooting exploits works against virtually any device running Android 5.1 or earlier estimated 90 percent all Android devices found app stores Google Play installed more than 850,000 devices Godless infected app malicious code installed vast repository of exploits root device it's running on app functions like exploit kits root kit hacked websites identify specific vulnerabilities individual visitors' browsers serve drive-by exploits Trend Micro Mobile Threats Analyst Veo Zhang Godless exploit kit uses open-source rooting framework android-rooting-tools framework various exploits arsenal used to root various Android-based devices two most prominent vulnerabilities targeted kit CVE-2015-3636 PingPongRoot exploit CVE-2014-3153 Towelroot exploit exploits deprecated relatively unknown security community root privilege malware receive remote instructions app download silently install mobile devices affected users receiving unwanted apps unwanted ads threats install backdoors spy on users first Godless apps stored rooting exploits binary file called libgodlikelib.so infected device app installed device screen turn off proceeds rooting routine successfully roots device installs app all-powerful system privileges can't be easily be removed install system app implements standalone Google Play client automatically downloads installs apps client leave feedback in Google Play fraudulently improve certain apps’ rankings more recent Godless apps download rooting exploit payload server located at malware can bypass security checks Google Play other app stores later variants install backdoor root access silently install apps affected devices various apps in Google Play utility apps flashlights Wi-Fi apps copies of popular games contain malicious rooting code Trend identified name Summer Flashlight installed app recently ejected from Google Play Evil twin Trend post researchers large number benign apps Google Play elsewhere corresponding malicious versions share the same developer certificate potential risk users non-malicious apps upgraded malicious versions knowing about apps’ new malicious behavior note that updating apps outside Google Play violation store’s terms and conditions Godless latest Android malware rooting bugs persistent foothold on handsets researchers discovered family 20,000 trojanized apps powerful exploits gain root access Android operating system root exploits aren't automatically malicious deliberately use them expand capabilities devices bypass restrictions imposed by carriers manufacturers root exploits have ability circumvent key Android security protections users should run them only after thoroughly researching specific app that's doing the rooting Android users should avoid using third-party app stores notable exception Amazon's downloading stores, avoid apps unknown developers /
