Godless’ Android malware

‘Security’ aspects touch all our lives in some way or the other. We would have been victims of security hack at one time or other. Phishing emails, fake social media profiles, credit card fraud – some of these events may touch us in one way or the other. It is a good idea to prevent against these attacks by being up-to-date on the current Infosec incidents and knowing the ways to avoid them.

With that thought in mind, we will discuss the ‘Godless’ malware in today’s post.

Android devices:

With mobile phone and device usage reaching unprecedented levels, it is but obvious that these devices will be targeted for malicious attacks. ‘Android’ is Google’s own mobile OS and it accounts for a major market share of the mobile market. According to an analysis from netmarketshare.com, Android grabbed 70.85% of the market share while Apple’s iOS grabbed only 23.10% as of May 2016. (Mobile/Tablet Operating System Market Share) More users only means, more sophisticated attacks by hackers to fool the user to give more of their personal information.

Malware or “malicious software”:

Viruses, Trojan horse, backdoors are all different terms to describe malware or “malicious software”. Malware affects the normal functioning of devices and sometimes the user has no way of knowing it. The latest Android malware to strike the mobile and electronic devices is the “Godless” malware.

What does it affect? The “Godless” malware affects users of Android 5.1(Lollipop) or earlier. Recall, some of Android names as Cupcake, Donut, Eclair, Froyo, Gingerbread, Honeycomb, Ice cream sandwich, Jellybean, Kit Kat, Lollipop (5.1), Marshmallow.

The malware affecting users of Android 5.1 or earlier essentially means more than 90% of Android devices are affected. (‘GODLESS’ Mobile Malware Uses Multiple Exploits to Root Devices)

Countries affected by ‘Godless’ malware:  India is the country that is most affected by ‘Godless’ malware accounting for 46.19% of affected devices followed by Indonesia, Thailand and other countries.

godless malware
godless malware

Popular places where the malware is present: The Godless malware is present in several app stores inclusive of Google play store. It may be present in simple utility apps such as flashlight or the ever popular games. It fakes an app’s rating and lures genuine users into downloading it. Once the user downloads it, it firmly establishes itself invisibly and makes sure that it cannot be removed.

How does the malware work? The malware takes advantage of two vulnerabilities in the Android OS and exploits it to “root the device”. It must be noted that rooting the Android device voids the warranty.

Rooting the device allows you to gain administrative privileges onto the Android phone and one can get deep into the phone itself. The manufacturer restrictions can be changed or removed. We can also overclock or underclock the processor and customize more things on the phone.

The “Godless” malware does all this and more by infecting an app and then “rooting” the phone. The malware can also control the phone remotely and install unwanted apps and generate ads. It can also install backdoors onto the device which can be used to spy on the user.

How to safeguard against different types of malware: It is always wise to download apps only from the Google play store and not from other third party app stores. Before downloading from the Google play store, it is good to check the developer’s information as well.

We have seen the ‘Godless’ Android malware in today’s post. It is safe to say that mobile devices will be the next target for hackers and miscreants.


Bibliography
‘GODLESS’ Mobile Malware Uses Multiple Exploits to Root Devices. (n.d.). Retrieved from TrendMicro: http://blog.trendmicro.com/trendlabs-security-intelligence/godless-mobile-malware-uses-multiple-exploits-root-devices/
Mobile/Tablet Operating System Market Share. (n.d.). Retrieved from netmarketshare.com: https://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=1

About Pavan Gumaste

Pavan Rao is a programmer / Developer by Profession and Cloud Computing Professional by choice with in-depth knowledge in AWS, Azure, Google Cloud Platform. He helps the organisation figure out what to build, ensure successful delivery, and incorporate user learning to improve the strategy and product further.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top