The new mobile malware "Godless" has affected nearly 4 lakh devices in India and about a million devices worldwide, said a report from cyber-security firm Trend Micro.
In the report titled "Mobile App Reputation Service", it said the "Godless" malicious software, found in all app stores including Google Play, hides inside an app and operates on the root of the operating system (OS), opening up the admin access to outside devices. "It contains various exploits to ensure it can root a device and it can even install spyware," said the report. It has been designed to exploit the Android devices in endless ways and those devices running on Android 5.1 (Lollipop) or earlier versions are vulnerable.
Once the "Godless" malware finishes its rooting, it cannot be uninstalled easily. "When downloading apps, users should always review the developer. Unknown developers with very little or no background information may be the source of these malicious apps.Users should also have secure mobile security that can mitigate mobile malware," said Nilesh Jain, Country Manager for India, Trend Micro.
According to Strategy Analytics, Google-owned Android dominated the global smartphone market since 2014 with 1 billion units shipped worldwide. It accounts for 81 percent of all smartphones shipped in 2014, followed by Apple with 15 percent market share and Microsoft with 3 percent at third.
“Many users choose Android over other OS-based devices because first, the devices can be relatively cheap; second, it’s known for fast and efficient data storage and third, it’s available across different form factors, brands, and price points," says Paul Oliveria, researcher of Trend Micro. Android is also popular among mobile developers and manufacturers for its capacity to house innovative app development without licensing fees, and sporting a simple and powerful Software Development Kit (SDK).
Here are some tips to keep Android Phones Safe and Secure:
Lock the screen – Always enabling screen unlock code to prevent a device thief from accessing your mobile data.
Protect your data – Android comes with pre-installed security measures. Go to security submenu to change them. The Android security screen also includes an option to encrypt the device. Enabling this option will help protect sensitive information stored in the device.
Strengthen passwords and app permissions – Google does a fine job at synching their updates with Android devices. However, some manufacturers take a little more time to update. Remember to check the features that you allow the app to access, and don’t forget to use strong and unique passwords. If you re-use your passwords, hackers can effortlessly guess the passwords on your other accounts.
Install a security app – It’s always a good idea to make use of security apps. An app that offers anti-theft features like remote wipe-out, tracking, and locking, as well as malware scanning and detection can help mitigate potential threats.
Connect to secure networks – Whenever you go online using a network you don’t know, such as public Wi-Fi, you should be more careful because unsecured Wi-Fi networks can be used to stage man-in-the-middle attacks where data can be intercepted by a third party. Avoid online banking, financials, and purchasing over public networks. If you use Wi-Fi at home, please make sure you use a password to secure your router.
Avoid rooting your device – Before rooting your Android device, consider the pros and cons first. While it allows you more control over your device, it could also allow unsigned apps, including malicious ones, access to your data. This also makes it difficult to patch and update your OS and apps, which could leave your device vulnerable.
Download from official app stores – Downloading from third-party sites or app stores is one of the easiest ways for any mobile device to get infected with malware. Limiting your apps to those from official or trusted app stores (like the Google Play app store) can lower the risks.