Another day, another strain of malware that cyber security managers have to defend against. Recently, Trend Micro researchers discovered a new family of malicious programs called "Godless" malware that seems to be one of the more potent kinds. The program, using a number of exploits, can essentially conduct targeted attacks against any phone running Android 5.1 or earlier operating systems – that's 90 percent of Android phones in existence right now.
This family of malware can be found in many popular app stores, including Google Play. So far, it has infected close to 850,000 devices, but only 2 percent of those cases were found in the U.S. Godless is rooting malware: once installed, it exploits known vulnerabilities on the device to gain root access.
"Godless is reminiscent of an exploit kit, in that it uses an open-source rooting framework called android-rooting-tools," Trend Micro threat analyst Veo Zhang wrote. "The said framework has various exploits in its arsenal that can be used to root various Android-based devices. The two most prominent vulnerabilities targeted by this kit are CVE-2015-3636 (used by the PingPongRoot exploit) and CVE-2014-3153 (used by the Towelroot exploit). The remaining exploits are deprecated and relatively unknown even in the security community."
Godless points to the already huge concern that is mobile malware. Companies and individuals alike have been burned before by mobile malware, and the number of strains out there continues to expand every day.
Android malware woes
The Godless malware isn't the first malicious program to target Android users – and it won't be the last. In July 2016, Ars Technica contributor Dan Goodin reported that 10 million Android phones had been infected with a type of software called "Shedun" that was masquerading as HummingBad. Somewhere in the ballpark of 286,000 infected devices have been discovered in the U.S. The malware originated at a China-based advertising company at least five months ago and has numerous ways of infecting a system. Sometimes the malware uses a "drive-by download," where it hides behind unsecured internet sites.
HummingBad is another root exploit that can automatically infiltrate devices using known vulnerabilities. The malware installs more than 50,000 malicious apps every day and generates more than $300,000 per month in revenue for its creators. For Android phones that haven't yet been updated or contain vulnerabilities that haven't been patched, HummingBad can sneak onto your device and download all of these malicious apps.
Once the HummingBad malware is installed onto a device, it sends pop-up ads and engages in click fraud, which are relatively harmless when it comes to your data, but there's nothing stopping this or the Godless malware from doing more. These families of malicious software are indicative of the ongoing problem with mobile malware.
How can you keep malware from taking root in your system? Best practices include reviewing the developer before downloading anything onto your device, even if the app looks harmless. But even that may not be enough, given that the number of malware strains increases by the day.
Problems with mobile
Malware specifically geared toward mobile devices is becoming more of an issue by the day. Last year, SC Magazine UK contributor Rene Millman reported that 97 percent of mobile malware targeted Android devices, and Trend Micro researchers predicted at the end of last year that there will be 20 million malware samples on mobile devices by the end of 2016. However, Apple operating systems aren't completely out of the woods. There are exploits that specifically target versions of iOS, too. In other words, no one is completely safe.
Exploit kits are especially harmful, as they use an automated attack system to infiltrate devices and download unfriendly programs that can cause slowdowns and other frustrating situations.
"The people behind it are taking a page out of the book of exploit kit writers in that they are focused on building a sustainable attack framework that you can continue to evolve," Trend Micro analyst Christopher Budd told SC Magazine contributor Bradley Barth in an interview about the Godless malware. "Before exploit kits, people would target one or two specific vulnerabilities with their malware and they would have to code that up. But with exploit kits you don't have to figure out how to attack each vulnerability. You just buy the exploit kit and because you have people maintaining those exploit kits as professional products, they just keep adding to it."
The Godless malware has the ability to spy on Android users. In addition, the creators of these kinds of root exploits have figured out a way around the anti-virus detections in third-party app stores: an innocuous app that doesn't contain the exploit in its code is uploaded to the store; then, after the first app update, the malicious code is added.
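A defensive check for the update-based evasion described above, as an added example that is not from Trend Micro or the original article: it compares two releases of an app package (an APK is a ZIP archive) and reports executable content that first appears in the update. The package contents and file names below are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of code an Android app can load at runtime.
MAGIC = {b"\x7fELF": "native ELF binary", b"dex\n": "Dalvik bytecode"}

def payloads(apk_bytes):
    """Map each archive entry that is executable (by magic bytes, not name) to its kind."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            if info.is_dir():
                continue
            with z.open(info) as f:
                head = f.read(4)
            for magic, kind in MAGIC.items():
                if head.startswith(magic):
                    found[info.filename] = kind
    return found

def diff_update(old_apk, new_apk):
    """List entries that are executable in the update but were not in the prior release."""
    old, new = payloads(old_apk), payloads(new_apk)
    findings = []
    for name, kind in sorted(new.items()):
        if name not in old:
            # Code stored under a non-code extension deserves a closer look.
            disguised = not name.endswith((".dex", ".so"))
            findings.append((name, kind, "disguised" if disguised else "new"))
    return findings

def make_apk(entries):
    """Build a constructed, in-memory stand-in for an APK (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed releases: V1 is the clean upload, V2 the first update.
BASE = {"AndroidManifest.xml": b"<constructed/>", "classes.dex": b"dex\n035\x00stub"}
V1 = make_apk({**BASE, "assets/logo.png": b"\x89PNG stub"})
V2 = make_apk({**BASE, "assets/logo.png": b"\x7fELF stub",
               "assets/update.dat": b"dex\n035\x00stub",
               "lib/armeabi/libhelper.so": b"\x7fELF stub"})

if __name__ == "__main__":
    for name, kind, status in diff_update(V1, V2):
        print(f"{status:9} {kind:18} {name}")
```

New executable entries are a triage signal, not a verdict: legitimate updates add native libraries too, and code fetched at runtime never appears in the package.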
The BYOD conundrum
All of this malware targeted toward mobile devices isn't just a headache for individual consumers. Companies that institute bring-your-own-device policies are also potentially at risk. Forrester Research predicted that in 2016, more than 200 million smartphones around the world will be part of the BYOD phenomenon, which means that organizations need to make sure they're protecting their in-house networks from intrusion via these devices.
Midsized and large organizations especially could be at risk, since these are the kinds of businesses that are most likely to adopt BYOD policies. Even when companies don't have a specific BYOD strategy, employees are likely to bring their personal computers and smartphones into the office, which means an organization's network could be compromised if the device becomes infected with malware.
Therefore, consumers and businesses alike need to make sure they're investing in the right kind of security tools for their mobile devices and office networks. In addition, it's critical for individuals to upgrade their Android OS so that they get its protections against malware and their devices don't fall prey to malicious software like the Godless family of programs or HummingBad.