Godless’ Android malware spreading fast in India

The malware apparently has evolved over time, and more recent Godless versions are apparently also capable of bypassing security checks done by app stores.


New Delhi-A family of mobile malware called “Godless” has affected over 850,000 Android devices worldwide with nearly half of these devices in India alone, a new report said on Thursday.

As of June, only 10 percent of Android devices run the latest software, Android 6.0 Marshmallow, meaning 90 percent of smartphones running the Google software are running at least Android 5.1 Lollipop.

This is certainly true of the Gunpoder virus, which hit the headlines after Palo Alto Networks discovered it could sneak on to your phone via Nintendo game emulators installed outside Google Play – and even has the cheek to make you pay for the priviledge. The payload can steal your Google account credentials, so that it can download and install apps from Google Play. Android enthusiasts commonly know this as rooting, a technique which is mainly used to be able to install some apps that need high-level permissions or gain access to certain restricted functions.

Godless affects only Android Lollipop devices and has the ability to root your phone and install other (potentially harmful) software. The malware, named after the ANDROIDOS_GODLESS.HRX filename it uses, uses multiple exploits to root users’ devices. The malware can leverage multi-fold rooting exploits, which renders the devices vulnerable.

Godless is packed inside various apps, and when allowed to execute, it will download the android-rooting-tools project from GitHub, which is a collection of open-source or leaked exploits to root Android devices.

The danger, however, looms when users upgrade the clean version of the to the malicious version without them knowing. These app stores may not be sanctioned or controlled by Google and therefore have less stringent security protocols. A given example is that of a flashlight app on Google Play called Summer Flashlight, by Crazy WiFi Team. “Users should also have secure mobile security that can mitigate mobile malware”, said Nilesh Jain, Country Manager, (India and SAARC), Trend Micro.

“The malicious apps we’ve seen that have this new remote routine range from utility apps like flashlights and Wi-Fi apps, to copies of popular game”, the company said.


Because of how this malware is designed it can be very tricky to remove it. Trend Micro has not offered a fix, which leads me to believe that affected users will have to wipe their device and re-flash the firmware.

Based on the data collected from cyber security firm Trend Micro's'Mobile App Reputation Service, malicious apps related to'Godless are found in prominent app stores including Google Play