New malware is in legitimate-looking apps that can burrow into an Android phone and secretly install unwanted programs.
The malware, called Godless, is in app stores including Google Play, and it targets devices running Android 5.1 (Lollipop) and earlier, which accounts for more than 90 percent of Android devices, Trend Micro researchers said.
Godless hides inside an app and uses exploits to try to root the phone’s operating system. In doing this, it creates administrative access to a device, allowing unauthorized apps to install.
Godless contains exploits to ensure it can root a device, Trend Micro researchers said in a blog post written by Veo Zhang, Trend Micro mobile threats analyst.
A newer variant can also bypass security checks at app stores like Google Play. Once the malware finished its rooting, it can be difficult to uninstall, researcher said.
Trend Micro said it found various apps in Google Play that contain the malicious code.
“The malicious apps we’ve seen that have this new remote routine range from utility apps like flashlights and Wi-Fi apps, to copies of popular game,” the company said.
Some apps are clean, but have a corresponding malicious version that shares the same developer certificate. The danger there is users install the clean app but are then upgraded to the malicious version without them knowing.
So far, Trend says it has seen 850,000 affected devices, with almost half in India and more in other southeast Asian countries. Less than 2 percent were in the U.S.