Recently we covered an article about a family of malware dubbed “Godless” (detected as ANDROIDOS_GODLESS.HRX) that carries a set of rooting exploits. Godless can target virtually any Android device running version 5.1 or earlier. About 90% of devices are affected by this malware. Check out the full article here for more details on the malware.
This malware family comes in different variants, which affect the device in more than one way. Recently, we came across a new Godless variant that is made to only fetch the exploit and the payload from a remote command and control (C&C) server, hxxp://market[.]moboplay[.]com/softs[.]ashx. We believe this is done so that the malware can bypass the security checks performed by app stores such as Google Play.
With this type of malware, there is no exact method to protect your smartphone from “Godless” specifically, but you can protect your smartphone against viruses in general and avoid being attacked by such malware. Note that if your smartphone is already affected by some type of virus, it is likely to be affected by Godless too, since the device is more vulnerable to attacks. According to some reports, a few smartphones from third-party unofficial websites came with malware pre-installed, so make sure you purchase from reliable sources.
First of all, let’s see how to avoid the malware in the first place and protect your smartphone from it:
All Android viruses are delivered via apps installed on your device, so if your phone or tablet doesn’t already have a virus, the best way to avoid one is to be very careful about which apps you install. One important thing to note here: if you are not sure about what you are going to install, don’t download it. Always download from the Google Play store, and avoid downloading from unknown sources completely.
Godless affects only Android Lollipop devices and has the ability to root your phone and install other (potentially harmful) software. The advice here is to check who the developer of the app is and to go closely through the permissions you are granting (does a video player really need to see your contacts?). If you think your device is already affected, go through the steps given below to remove the malware from your device before it starts affecting it.
- Put your phone or tablet in safe mode. This will prevent any third-party applications from running, including malware and viruses. On many devices you can press the power button to access the power off options, then press and hold Power off to bring up an option to restart in Safe mode. If this doesn’t work for you, look up the procedure for your smartphone and follow it.
- Once you are in safe mode, open your Settings menu and choose Apps, then make sure you’re viewing the Downloaded tab. If you don’t know what you are looking for here, go through the list and look for anything that is unusual and that you think shouldn’t be on your device.
- Tap the application in question to open its app info page, then tap Uninstall. In most cases this should remove the virus or malware, but if the option is greyed out, then your device is probably already affected and the app has given itself admin access.
- In that case, exit the Apps menu and tap on Settings, Security, Device Administrators. Here you’ll find a list of any apps on your phone or tablet with administrator status. Just uncheck the box for the app you want to remove, then tap Deactivate on the next screen. You can now repeat the third step to remove the app.
- Once you are done with this, restart your device to take it out of safe mode. Now back up your files to protect them, and consider installing an anti-virus application from a trusted source so that you don’t need to come back here looking for solutions.
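
The app-list and Device Administrators review from the steps above can also be done from a computer over adb. The script below is an added example, not part of the original article. It assumes USB debugging is enabled, its function names are hypothetical, both sample outputs are constructed, and the `dumpsys device_policy` layout is an assumption that varies between Android versions.

```python
import re

# Constructed sample of: adb shell pm list packages -3 -i  (third-party apps + installer)
PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.wifibooster  installer=com.example.thirdpartystore
"""

# Constructed sample of: adb shell dumpsys device_policy
# (assumed layout: one indented "package/receiver:" line per enabled admin)
DPM_OUTPUT = """\
Enabled Device Admins (User 0):
  com.example.flashlight/com.example.flashlight.AdminReceiver:
    uid=10087
"""

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

def parse_packages(text):
    """Map package name -> installer package (None when no installer is recorded)."""
    found = {}
    for m in re.finditer(r"^package:(\S+)[ \t]+installer=(\S+)[ \t]*$", text, re.M):
        found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def parse_device_admins(text):
    """Return the packages that own an enabled device-admin component."""
    return {m.group(1) for m in re.finditer(r"^[ \t]+([\w.]+)/[\w.$]+:[ \t]*$", text, re.M)}

def review(pm_text, dpm_text):
    """Rank third-party apps for manual review: most warning signs first."""
    admins = parse_device_admins(dpm_text)
    rows = [
        {"package": p, "sideloaded": i != PLAY_STORE, "device_admin": p in admins}
        for p, i in parse_packages(pm_text).items()
    ]
    return sorted(rows, key=lambda r: (-(r["sideloaded"] + r["device_admin"]), r["package"]))

if __name__ == "__main__":
    for row in review(PM_OUTPUT, DPM_OUTPUT):
        print(row)
```

Apps that were not installed by Google Play and hold device administrator status sort to the top; those are the ones whose Uninstall button will be greyed out until they are deactivated. An app installed from Google Play is not cleared by this list and still needs the manual check described above.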
Alternatively, you can factory reset your device to remove the virus, but that will erase all the data on your device. If you think you don’t have anything important on your device and you want to make sure everything is working as it was when you took it out of the box, then go for this option. Let us know if you have any queries with regard to this method.