Godless Android malware affects Android Lollipop devices
Researchers discover Godless malware having multiple exploits to root Android devices Reuters

Researchers have discovered new Android malware dubbed Godless that contains multiple root exploits to obtain access to affected devices. The malicious software can target any Android device powered with Android Lollipop version 5.1 or earlier, which accounts for approximately 90% of devices.

According to cybersecurity firm Trend Micro, malicious apps related to the Godless malware can be found in the Google Play Store, affecting over 850,000 devices worldwide. The graph posted by the firm shows the highest number of devices that could get affected by the malware are from India, followed by Indonesia and Thailand.

The malware basically uses an open-source rooting framework called Android rooting tools that is equipped with various exploits and can be used to root Android devices. Along with gaining root privilege, the malware can download any app on the affected device based on the remote instructions it receives. Installing unwanted apps could then pave the way for unwanted ads. Hackers can even install backdoors and spy on owners of the affected devices.

Godless Android malware
Global distribution of devices affected with Godless Android malware Trend Micro

Once a user downloads the malicious apps, the malware waits for some time to start its action until the screen of the affected device turns off. After successfully rooting the Android device, the malware drops a payload which is difficult to remove.

According to the researchers, a number of apps in the Google Play Store contain the malicious code. Apps such as Summer Flashlight and Wi-Fi as well as popular games are affected by the malware.

Trend Micro claims to have seen a large number of genuine apps having corresponding malicious versions in the Play Store, which could pose a threat to users as their apps will be upgraded to the malicious versions without their knowledge.

The firm has also noticed the evolution of the malware family. The latest variant of Godless, unlike the previous one that drops a system app to implement a standalone Google Play app, steals Google credentials of users to download and install apps from the Play Store. Using the malware, hackers can also improve the Google Play ranking of certain apps. Trend Micro advises users to review the developers before downloading apps and suggests installing apps from trusted sites such as the Play Store only.