A new Android malware, Godless, is spreading fast across India, according to security specialists Trend Micro. Using its Trend Micro Mobile App Reputation Service, the company estimates that over 850,000 devices worldwide are affected. Almost half of those devices, 46.19%, are estimated to be in India.
How does the Godless Android malware attack?
- The malware gets onto the device through compromised apps available in the Google Play Store or through apps downloaded illegally from outside the store.
- Once the malware is on the device, it uses a remote command and control server to download and install the remaining payload.
- The malware waits for the device owner to restart the device before it starts the rooting process. It uses an open-source rooting framework like android-rooting-tools to root the infected device. After the rooting process, it creates a system app in the form of an AES-encrypted file called “_image”.
- Once the malware has root access to the device, it can install apps silently without the owner’s permission. It can also be used to spy on the device owner.
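Because the last two steps leave new apps on the system partition, one defender-side check is to compare the device's package list against a known-good baseline. The following is an added example, not code from this article or from Trend Micro; it assumes two saved captures of `adb shell pm list packages -f`, and every sample line and package name in it is constructed.

```python
# Input: output of `adb shell pm list packages -f`, one line per package,
# formatted `package:<apk path>=<package name>`.
# All sample lines and package names are constructed for illustration.
SYSTEM_PREFIXES = ("/system/app/", "/system/priv-app/")  # assumed system app dirs


def parse_packages(listing):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines and adb noise
        # The APK path can itself contain '=' (randomised /data/app
        # directory names), so split on the last '=' only.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages


def new_system_packages(baseline, current):
    """List (name, path) now under a system dir but not there in the baseline."""
    old, new = parse_packages(baseline), parse_packages(current)
    findings = []
    for name, path in sorted(new.items()):
        if not path.startswith(SYSTEM_PREFIXES):
            continue
        # Either a brand-new package or a user app moved into /system.
        if not old.get(name, "").startswith(SYSTEM_PREFIXES):
            findings.append((name, path))
    return findings


BASELINE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/~~Ab3d==/com.example.notes-Zq9x==/base.apk=com.example.notes
package:/data/app/com.example.torch-1/base.apk=com.example.torch
"""
CURRENT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/~~Ab3d==/com.example.notes-Zq9x==/base.apk=com.example.notes
package:/system/app/Torch/Torch.apk=com.example.torch
package:/system/app/SysHelper/SysHelper.apk=com.example.syshelper
"""

if __name__ == "__main__":
    for name, path in new_system_packages(BASELINE, CURRENT):
        print(f"new system app: {name} ({path})")
```

A legitimate OS update can also add system apps, so treat each finding as a lead to investigate and refresh the baseline after every update.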
What is the damage from Godless malware?
- A hacker can use the malware to install apps without the owner’s knowledge. These apps can be used to show malicious content or to display ads and profit from them.
- A hacker can spy on your device, which violates your right to privacy. This includes access to your personal files and bank transaction details.
- The malware can be used to create backdoors, which a hacker can exploit to gain further access to your device.
How Godless malware got inside the Google Play Store
A lot of users ask the same question. To keep malicious apps out of the Google Play Store, there are strict guidelines that an app must follow to get approval.
To avoid detection, most of these apps don’t carry the entire malicious code. Instead, they carry a payload that connects to a remote command and control server and downloads the rest of the payload.
How to prevent getting Godless malware
One app that we know is infected is Summer Flashlight. It is no longer available on Google Play.
Godless malware gets onto an Android device when a malicious Android app is installed. So, the only prevention is to make sure that you install only the right apps on your device. There are plenty of apps in the Google Play Store. Never install any app that looks suspicious and doesn’t have much of a reputation. Also, check the developer’s reputation before installing any app. Do not install any app from outside Google Play that is illegal and in violation of their terms and conditions.