Researchers have discovered a number of malicious apps that contain code capable of secretly rooting an estimated 90 percent of all Android phones, reports ArsTechina.
These “Godless” apps are capable of rooting exploits in virtually any phone running Android version 5.1 or lower, accounting for 90% of all Android devices.
As a result the app family has already found its way onto over 850,000 devices worldwide.
Godless is reminiscent of an exploit kit, in that it uses an open-source rooting framework called android-rooting-tools.
The said framework has various exploits in its arsenal that can be used to root various Android-based devices. The two most prominent vulnerabilities targeted by this kit are CVE-2015-3636 (used by the PingPongRoot exploit) and CVE-2014-3153 (used by the Towelroot exploit). The remaining exploits are deprecated and relatively unknown even in the security community.
In addition, with root privilege, the malware can then receive remote instructions on which app to download and silently install on mobile devices. This can then lead to affected users receiving unwanted apps, which may then lead to unwanted ads. Even worse, these threats can also be used to install backdoors and spy on users.
The apps most prone to being malicious are those that are copies of popular games and utility apps such as flashlights and Wi-fi apps.
More gaming news
10 awesome games you should pick up in Steam’s Summer Sale
Awesome multiplayer games you can play even with high latency
Loading ...
