Slashdot Mirror
'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones (arstechnica.com)
Dan Goodin, reporting for ArsTechnica:Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones. In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US. Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it's running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors' browsers and serve drive-by exploits.Affected apps that have been spotted in Google Play, Android's marquee app store, are largely flashlight, Wi-Fi apps, as well as copies of popular games.
I'm not an Apple fanboi or anything, but I'm pretty sure that there are not a bevy of apps in the App Store that can contain malware which can root 90% of iPhones.
Say what you will about the virtues of Android and iOS, that's just silly.
I think this falls under the "victim of their own success" category.
The thing is, once you install an app, that's it, it can then do whatever it wants within the limitations that Google has defined. One of those things is "access the Internet" which means that the app, once installed, can then go out to the web and grab whatever it needs to exploit your device.
I am sure that there are thousands of legit apps that have the same exact "signature" as these malware apps. As in, they do normal stuff like access the Internet, turn on your camera's LED, etc.
If you start blocking apps that access particular URLs, that's all well and good, but what if the malicious party creates an ad that is only malicious when used in conjunction with their app? Will Google block apps that access the ad networks? Nope.
The real fix is to get these devices updated so that they are no longer vulnerable to root kits.
My eyes reflect the stars and a smile lights up my face.
I see. Verizon and Samsung won't let me root my phone, but Russian and Chinese hackers can. Thanks Verizon and Samsung.
Came here to say just this. "Rooting" your phone should be a setting in a menu somewhere saying "Allow me to access my own device"; it shouldn't require searching the internet for the least-sketchy app to flip a bit somewhere.
Actually the thing with iOS is that it's virtually impossible for anybody but Apple to mass audit apps for malware. There are without a doubt malware apps on Apple's app store, but nobody has found them yet. In fact, in at least a few cases, some malware apps on iOS were only discovered after somebody found it on the Android version and decided to check the iOS version on a hunch.
This wouldn't have happened if Android had been more intelligently designed.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
I admittedly deploy mine as IP cameras since they already have WiFi and camera on board https://play.google.com/store/...