We came across a family of mobile malware called Godless (detected as ANDROIDOS_GODLESS.HRX) that has a set of rooting exploits in its pockets. By having multiple exploits to use, Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. As of this writing, almost 90% of Android devices run on affected versions. Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide.Read More
Mobile Threats Analyst
Although the Hacking Team leak took place several months ago, the impact of this data breach—where exploit codes were made public and spurred a chain of attacks—can still be felt until today. We recently spotted malicious Android apps that appear to use an exploit found in the Hacking Team data dumps. The apps, found in certain websites, could allow remote attackers to gain root privilege when successfully exploited. Mobile devices running on Android version 4.4 (KitKat) and below, which account for nearly 57% of total Android devices, are susceptible to attacks that may abuse this flaw.Read More
On March 18, Google published a security advisory for a critical vulnerability CVE-2015-1805 that applied to rooting apps. This bug allows malicious apps to gain “root” access to all Android phones below kernel version 3.18. This can greatly affect devices that no longer receive patches, or those with long rollout time. Initially, this flaw has been tagged as ‘medium’ in terms of severity. However, a zero-day exploit was found out that showed the vulnerability could still be exploited successfully, compromising the security of the device. As such, the level of severity was changed to ‘critical.’Read More
A total of 6.1 million devices – smart phones, routers, smart TVs – are currently at risk to remote code execution attacks due to vulnerabilities that have been fixed since 2012.
The vulnerability exists in the Portable SDK for UPnP™ Devices, also called libupnp. This particular library is used to implement media playback (DLNA) or NAT traversal (UPnP IGD). Apps on a smartphone can use these features to play media files or connect to other devices within a user’s home network.Read More
Sex sells, and nowhere is that more true than the Chinese mobile landscape. Porn-themed malware has been hitting Android users in China, Japan, and Taiwan in recent weeks.
These malicious apps are distributed via SEO-optimized fake websites, with keywords targeting hot scandals and affairs used. These sites pretend to be porn video websites, and all lead to various malicious apps being downloaded.Read More