All users of Android devices, watch out. There is a new hi-tech malware out there, and its infection rates are pretty scary. Named Godless, this malware is reported to be capable of infecting all Android devices that run Lollipop or earlier OS versions. That translates to most of the Android-driven devices currently in use, considering that the Marshmallow version (Android 6.0) was released only in October 2015.
Are you safe at Google Play store?
So, how does this malware infect your device? What is the vulnerability?
Well, there is not much you can do, as Trend Micro has reported that the Godless malware has been found in apps even on reputed app stores, including the Google Play store. This malware gets downloaded along with the malicious app. However, sandboxing and analyzing the app would not reveal any malicious code, as the malicious code itself does not get executed. The trigger fires only when the user updates the app. Only then does the malicious code get downloaded and infect the Android device. The malware acquires root privileges and then proceeds to surreptitiously download and install malicious apps of its choice on the device. The phone gets bombarded with unwanted ads. This malware can also install trojan backdoors and spyware that send data back to cyber criminals.
The Godless malware makes use of android-rooting-tools to infect the device. It is a rooting framework that contains numerous exploits that can be used for penetrating a device’s defenses. As penetration with a single exploit targets only a single vulnerability or a limited number of vulnerabilities, it has a lower chance of a hit. Cyber criminals have therefore resorted to using exploit kits, which contain numerous types of malware attacks that target a wide range of vulnerabilities, and these have a better chance of penetration and infection. Many exploit kits are available for sale on the dark web. Cyber criminals no longer have to be great coders. The developers of these exploit kits keep upgrading the tool so that it can tackle upgraded security measures.
Precautions Against Godless Attack
It is believed that the vulnerabilities targeted by Godless have since been fixed through updates to the Android operating system. However, mobile users, and enterprises that need employees to work on mobile devices or that allow BYOD (bring your own device), can follow certain precautions.
Always download from reputed app stores – like Google Play or Apple store. Do not download apps from any other sources. Additionally, check the reputation of the developer before downloading any app.
Download only the apps that you require.
Enterprises must protect themselves with a robust Endpoint security program.
Enterprises must utilize an effective Mobile Device Management system for Remote Monitoring & Management.
The Godless malware was NOT able to infect Android devices with updated software patches. This demonstrates the critical importance of updates and patches. An enterprise must put in place a Patch Management system so that the operating system and software applications on all endpoints of the enterprise network (desktops, laptops, tablets, smartphones, etc.) always have up-to-date patches.
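As an added example (not from the original article or any vendor tool), the precautions above can be turned into a quick triage of an MDM inventory export: flag devices running Lollipop (Android 5.1) or earlier, and devices that allow installs from outside official stores. The CSV column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Android 5.1 (Lollipop) is the last release the article lists as exposed;
# Marshmallow (6.0) and later fall outside that range.
LAST_EXPOSED_RELEASE = (5, 1)

# Constructed sample of an MDM inventory export (hypothetical columns).
SAMPLE_INVENTORY = """device_id,owner,android_release,unknown_sources
TAB-001,alice,4.4.2,off
PHN-002,bob,5.1.1,on
PHN-003,carol,6.0.1,off
PHN-004,dave,7.0,on
PHN-005,erin,,off
"""

def parse_release(text):
    """Return (major, minor), or None when the field is blank or malformed."""
    parts = text.strip().split(".")
    try:
        major = int(parts[0])
        minor = int(parts[1]) if len(parts) > 1 else 0
    except ValueError:
        return None
    return (major, minor)

def triage(inventory_csv):
    """Map device_id -> list of findings for devices that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        release = parse_release(row["android_release"])
        if release is None:
            issues.append("OS version unknown: treat as unpatched until verified")
        elif release <= LAST_EXPOSED_RELEASE:
            issues.append("runs Lollipop or earlier: update or restrict access")
        if row["unknown_sources"].strip().lower() == "on":
            issues.append("installs from outside official stores are allowed")
        if issues:
            findings[row["device_id"]] = issues
    return findings

if __name__ == "__main__":
    for device, issues in triage(SAMPLE_INVENTORY).items():
        for issue in issues:
            print(f"{device}: {issue}")
```

Devices with a missing or unparseable version are reported rather than skipped, since an inventory gap hides exactly the unpatched endpoints the patch process needs to find.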