Google Play Store is considered one of the best and most popular digital distribution services around. As of November 2014, there were over 2,200,000 applications available on the Play Store, out of which a considerable amount were free. The platform has reached over 50 billion downloads over a period of 7 years.
Running a service this huge is obviously difficult, but Google has been managing it quite well. Still, there have been instances when hackers and cyber criminals were able to upload apps on the Play Store that contained malicious content and were then downloaded by the masses.
Another such case has recently been reported and published on the web. Researchers have detected a family of malicious apps, dubbed 'Godless,' which have the capability of secretly rooting almost any Android device running on Android 5.1 (Lollipop) or earlier. This means that almost 90 percent of all Android phones can be targeted by these apps.
According to these researchers, once an app with Godless malware is installed on a victim's device, it uses a framework known as "android-rooting-tools" to gain root access to the victim's device. The malware then makes sure that the victim's screen is turned off before executing the malicious code.
Researchers have also deduced that most of the malicious content is not hidden inside the Play Store apps. However, once you download these apps from Play Store, these apps automatically update themselves from outside the Play Store bringing in all the malicious content. It should be noted that apps are not allowed to update themselves from outside the Play Store according to its terms and standards.
Once Godless gains root privileges, it starts communicating with a command and control (C&C) server. It then installs an apps list on the rooted device without the user's knowledge. This can lead to the affected users finding unwanted apps, which can then lead to unwanted apps, on their devices. These threats can also be used to install backdoors and spy on users.
The malware has the ability to bypass security checks done on Google Play Store and other online app stores. There are several apps on Google Play which run malicious Godless code. These mostly include utility apps like flashlights, Wi-Fi apps, and popular game applications.
Most of the victims are located in India, followed by Indonesia and Thailand. Also the US has around 17,000 downloads of Godless apps. We advise our users to avoid using third-party stores to download applications and always make sure to "review the developer" even if the app is listed on Google's Play Store.