A new strain of Android malware called GODLESS has infected almost one million devices around the world, with almost 100,000 devices reportedly infected in Thailand.
Godless works by hiding inside an app and exploiting the root operating system of your device. This enables it to gain admin access to your phone, which allows for unauthorised apps and files to be installed.
According to cyber security firm Trend Micro, Godless contains exploits that can root your device and could potentially install spyware on your phone.
Godless targets devices running Android 5.1 Lollipop or earlier, meaning that almost 90 percent of Android devices are at risk.
Trend Micro said that it found apps in the Google Play store that contained the Godless Android Malware. Some of the apps included things like torch or flashlight apps and games.
“We found various apps in Google Play that contain this malicious code. The malicious apps we’ve seen that have this new remote routine range from utility apps like flashlights and Wi-Fi apps, to copies of popular games. For example, a malicious flashlight app in Google Play called “Summer Flashlight” contained the malicious Godless code”, Trend Micro said.
The company also said that it discovered a number of copycat apps that appeared genuine but which contain the malicious code.
“We have also seen a large amount of clean apps on Google Play that has corresponding malicious versions – they share the same developer certificate – in the wild. The versions on Google Play do not have the malicious code. Thus, there is a potential risk that users with non-malicious apps will be upgraded to the malicious versions without them knowing about apps’ new malicious behavior. Note that updating apps outside of Google Play is a violation of the store’s terms and conditions”.
India has seen the largest number of infected devices, although the malware is spreading throughout Southeast Asia.
Although some infected app have reportedly been found in the Google Play store, the spread of the Godless Android malware further acts as a reminder to the importance of only downloading apps from reputable sources, within official Android app stores.
Installing apps from unfamiliar developers or from unofficial third party app stores is likely to increase the risk of your device becoming infected with malware.