“Godless” malware can affect 90% of Android devices, installs unwanted apps
Godless is similar to an exploit kit in that it carries multiple exploits, and it uses an open-source rooting framework called android-rooting-tools. This is what the company had to say in its official statement regarding the newly found threat:
According to Trend Micro, upon gaining root privilege, the malware can then be remotely controlled to silently install unwanted software on the affected device, or even worse – to spy on the user.
Malicious apps using older versions of Godless contain a local exploit binary, which uses exploit code from the android-rooting-tools framework. Once the app is downloaded, the malware waits until the affected device's screen is off to begin the rooting process. Once rooting is done, the malware drops a payload as a system app in the form of an AES-encrypted file called “_image”. The payload cannot be easily removed.
However, the new variant of Godless is “made to only fetch the exploit and the payload from a remote command and control (C&C) server.” Experts believe that this is so that the malware can bypass security checks done by app stores such as Google Play.
The aforementioned app seems to have been removed from Google Play. Trend Micro goes on to warn:
When downloading apps, regardless of their nature, you should always do a quick background check on the developer. It sounds tedious, we know, but it's a good idea nonetheless. Unknown new developers could be a source of malicious apps, Trend Micro warns. Downloading a trusted antivirus app might also be a good idea, as well as avoiding apps from untrusted sources.
source: Trend Micro