The Trend Micro security blog researchers revealed the discovery of a new version of Godless malware for mobile devices, geared specifically for devices that run Android 5.1 Lollipop or older. According to data collected by researchers, the malware is capable of infecting almost 90% of all smartphones and tablets in the world that use the operating system of Google.
The Godless works similarly to one of the called “exploit kits”, with many loopholes that can be exploited and using an open source framework called rooting android-rooting-tools. “Based on data collected from the Trend Micro Mobile App Reputation Service, malicious applications related to this threat can be found and outstanding apps stores, including Google Play, and has affected more than 850 devices worldwide,” the researchers said.
global distribution of devices affected by the new version of the malware Godless
After settling quietly next to another downloaded application, the Godless can obtain root privileges and gain the ability to be controlled remotely to install unwanted software on the device affected without its owner to know. More than that, the malicious program can spy on the device user, collecting data and passwords.
Stealthy and full of evil
Malicious apps that used older versions of Godless contained a code that caused the malware wait until the screen was off to begin the root process. Upon completion of the procedure, they then lowered their charges as if they were system applications, all in the form of a file with AES encryption and with a common name, such as “_image”. The result was a very difficult infection to undo
The new variant, however, is designed to only pursue their exploits and payloads from a command and control server (C & C). Remote. According to experts, this helps the malware to evade security checks made by stores such as Google Play. Malicious programs ranging from flashlight apps and search for WiFi to copies of popular games
Example of malicious applications found by Trend Micro
Although the infected apps have already been removed from the official Android store, Trend Micro warns that have been found malicious versions of legitimate apps from Google Play – counting to the same developer certificate – in other download sources. “Thus, there is the risk of users with apps uninfected make an update for variants with malware [if they use APKs outside the official store to make update],” he says.
How to protect
According to the experts at Trend Micro, there is nothing wrong with the process of making the root on mobile devices, an action that could result in several benefits regarding the automation, performance and basically make the most of an apparatus. “But when malware is root of a mobile phone without your knowledge, that’s where the fun is over,” punctuate the researchers.
To avoid problems, the researchers recommend that you always check the history of the developers before to download any application, as unknown creators that provide little or no information about themselves can be sources of malicious software. Another general rule is always give preference to apps coming from trusted stores like Google Play and Amazon.
No comments:
Post a Comment