Security researchers have detected a new family of apps containing malicious code, some of which were available on the Google Play Store. The Godless apps are believed to be able to secretly root 90 percent of all Android phones.
Antivirus provider Trend Micro wrote in a recent blog post that it had discovered a new family of malicious apps. The apps, called Godless, contain a collection of rooting exploits that work on any device running Android version 5.1 or below.
This means that close to 90 percent of Android devices are at risk. Members of the app family have been discovered in various app stores, including Google Play, and have so far been installed on approximately 850,000 devices worldwide. Godless apps have hit hardest in India, Indonesia, and Thailand. Less than 2 percent of affected users are in the US.
When a Godless app is installed, it immediately pulls from its large library of exploits to root the particular device it has been installed on. In this way, the app acts much like an exploit kit, which causes hacked websites to detect the specific flaws in a visitor's browser and then serve drive-by exploits.
The first Godless apps stored their root exploits locally on the infected device, in libgodlikelib.so.
After a Godless app is installed, the malware waits for the screen to switch off before continuing with its rooting routine. Once it has rooted the device successfully, it installs an app with all-powerful system privileges, so removing the app won't be easy.
The earlier apps also incorporate a standalone Google Play client that can automatically download and install further apps. It can also post reviews of apps on the Google Play Store, thereby improving how people view certain apps.
In its blog post, Trend Micro wrote that the malicious rooting code was found in utility apps, such as flashlight and Wi-Fi apps, and in copies of popular games. The researchers identified only one app by name, however. The app, called Summer Flashlight, has been installed 1,000 to 5,000 times. It was rejected from the Google Play Store, but its listing is still available in various search engine caches.