There really is no point to malware but to annoy people. However, such can help and inform the mobile industry how vulnerable a device or platform is. One of the best targets is Android, unfortunately. The latest and the most frightening yet was the Stagefright. There’s also the Ghost Push and Kemoge virus families plus the Shuanet we reported last year. This year, Trend Micro has just reported the existence of ‘GODLESS’.
The name alone tells us that the mobile malware doesn’t have any authority. What it does is use multiple exploits to root your devices. Disguised as ‘ANDROIDOS_GODLESS.HRX’, this malware is something you don’t want to see. Actually, you won’t be able to see it but it can exploit devices running on Android 5.1 Lollipop. It has affected numerous apps already available in the Google Play Store and about 850,000 Android devices according to Trend Micro who’s been monitoring the malware through its Trend Micro Mobile App Reputation Service.
Godless makes use of an android-rooting-tool to exploit a device. We’ve seen something similar before, an exploit kit, that can do various exploits in many Android devices. Yes, it’s not just one but many exploits to ensure your smartphone is
destroyed rooted. It’s scary in the sense that it won’t stop until the job is over. Others are saying some exploits already have patches but there are still new ones like the CVE-2014-3153 (Towelroot) and CVE-2015-3636 (PingPongRoot).
What the malware further does is to remotely download and install apps that are also affected. These apps then can show ads or spy on users and even install backdoors. That can be pretty dangerous because ‘Godless’ can do more than just root your device the first time. This also means anyone can remotely access your device without you knowing.
So far, there are numerous devices already affected in different countries.
Many apps have already been infected. Most of them are from outside the Play Store but they can pose as legit ones. It’s easier to trick people and making them believe apps are clean and legit that’s why there are lots of devices already infected.
SOURCE: Trend Micro