Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Android

'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones (arstechnica.com) 87

Dan Goodin, reporting for ArsTechnica:Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones. In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US. Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it's running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors' browsers and serve drive-by exploits.Affected apps that have been spotted in Google Play, Android's marquee app store, are largely flashlight, Wi-Fi apps, as well as copies of popular games.
This discussion has been archived. No new comments can be posted.

'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones

Comments Filter:
  • Every time I hear the "virus available from Google Play" I think "boy, if they could find this, wouldn't Google?"

    • by The-Ixian ( 168184 ) on Friday June 24, 2016 @10:01AM (#52381635)

      I think this falls under the "victim of their own success" category.

      The thing is, once you install an app, that's it, it can then do whatever it wants within the limitations that Google has defined. One of those things is "access the Internet" which means that the app, once installed, can then go out to the web and grab whatever it needs to exploit your device.

      I am sure that there are thousands of legit apps that have the same exact "signature" as these malware apps. As in, they do normal stuff like access the Internet, turn on your camera's LED, etc.

      If you start blocking apps that access particular URLs, that's all well and good, but what if the malicious party creates an ad that is only malicious when used in conjunction with their app? Will Google block apps that access the ad networks? Nope.

      The real fix is to get these devices updated so that they are no longer vulnerable to root kits.

      • The real issue is that apps shouldn't be able to install code without prompting the user. Android should force a window that says something like "app is trying to install this: accept or deny?"

        • Yeah but it is going to say it's installing a root kit or is it going to say something else?

          Description: Update, Bugfix - Fixes problem in {insert application} that causes application crashes and high cpu utilization.

          Would you like to allow this? accept or deny

          • it would be something like the OSX dialog that asks for your admin password or maybe something like windows UAC does. The dialog should be entirely up to the OS and the app can't control it or put up descriptions on it.

            It should be just a warning that the app wants to modify the system and that it could be dangerous. Maybe a reminder that it isn't an app update at all

            • That's the point the app store is essentially a trusted source at least as far as the average user is concerned and an application disguising something as an update to that application would still be appear to be an update.

              If I open an application on any operating system and it says would you like to check for an update and then what ever operating system prompt comes up when I attempt to install said update it still looks like an update.

      • Victim of their own success? Or a predictable outcome of the security model?

        The android security model is what I call "blame the user". Although things have shifted slightly, the original intent was pretty simple: an application could only do things that it was pre-approved to do. This was handled by having declarations and the user would have to agree to those declarations. There are several problems with this model.

        1. Users are not generally equipped to properly discriminate and thus are not able to make

    • Every time I hear the "virus available from Google Play" I think "boy, if they could find this, wouldn't Google?"

      Go Android Security!!!

    • So does Google actually scan the store or what?

      Due to the Halting Problem [wikipedia.org], reliable automated detection of malware is theoretically impossible. This doesn't mean antivirus software is useless, but it is simply inevitable that it will miss stuff. Human security experts will always need to be involved, but humans are expensive, slow, and make more mistakes compared to machines - so it's inevitable that we'll miss stuff, too.

      The best long-term route to increasing computer security for society seems to be limiting the capabilities of a program's execution e

  • these malware "contain malicious code capable secretly rooting an estimated 90 percent of all Android phones"
    well there are malware/viruses/etc that are "capable" of doing damage to lot more percentage of variety of computing devices running variety of software.

    but they need to get installed/infected/whatever.
    but these seems not be all that successful, in that crucial step, even with apps in google store

    so don't get too excited.

    public warnings are ok, and beneficial . but screaming is too much.

    • public warnings are ok, and beneficial . but screaming is too much.

      I didn't see/hear any "screaming"; but I would say, if there were malware in the iOS App Store that could root 90% of iPhones in use, I'd want Slashdot to be right on it!

  • Godless? (Score:5, Funny)

    by Nidi62 ( 1525137 ) on Friday June 24, 2016 @10:14AM (#52381767)
    This wouldn't have happened if Android had been more intelligently designed.
  • 1) The security model is broken by design.

    Android barely restricted apps from taking over your entire phone with an agree box until only fairly recently with Marshmallow.

    2) The updating model is broken by design

    Carriers don't care if your phone OS is out of date. Manufacturers don't care if your phone OS is out of date.

    Bottom line constraint from the supply side - They both want to sell you a new phone or contract.

    Bottom line constraint from the developer side - No major punitive incentives from Google to f

  • Some variants are just the bare bones needed to install a payload which then waits for remote C&C instructions. [smartphonevirus.com]

  • I really hate it when articles go on and on about how certain malware was found in unspecified apps on the play store. I assume that Google took them down as soon as they were notified. But let's name the apps and the publishers, please. What specific apps contained this malware?

    • by green1 ( 322787 )

      Interestingly the summary also makes no mention whatsoever of any malware, only a tool that roots your device. That would be a good thing, not a bad thing.

      Now obviously they're implying that the app also does something evil once it has root, but they rely should say so.

      The way this is written is as if to imply that having any control over the hardware that you own is a horrible thing.

  • We're all in deep shit unless we get right with God.

    https://youtu.be/i_9aTfGgF0c [youtu.be]

  • So that flashlight app that wanted access to my network, contacts list, photo gallery, and storage media was actually installed by some people?
  • ... I haven't been able to access the Google Play store since the Android update I got back in April 2015.

  • We would list the apps affected, but then we couldn't get into your phone anymore.

  • to root my Android 6.0 phone. I should never have upgraded. I really miss my old rooted phoned.

  • (Checks Phone). Running 6.0.1... not seeing what the issue is.
  • Aren't you reaching a bit here. First the user has to download and install the malware and give it the admin password. How in gods name do you manage to read into that as 'rooting' the device. Do you have to serve up that self serving Microsoft propaganda on slashdot. Ars Technica -> Condé Nast->Microsoft-> Ars Technica
  • That probably explains why AT&T pushed out an update to 6.0.1 this week. They are usually a few versions behind, so this seemed like a pretty quick update...

Perfection is acheived only on the point of collapse. - C. N. Parkinson

Working...