Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Beware Android users! “Godless” named Malware can Root your device Anonymously!

 

If you are using Android Lollipop or its earlier version, then your device is at risk. A new type Android Malware has been discovered by the security researchers of “Trendmicro”. The name of the malware is “Godless” and it is capable to root your device automatically. It could install third party malicious coded programs in your device to perform that operations, which could be harmful for your device and your personal information.

 

“More than 8,50,000 Devices have been affected by this Malware and half of these affected devices are from INDIA. All the other Asian Countries are at number two and USA contains only 2 Percent affected devices”, according to the stats of TrendMicro.

 

How ‘Godless Malware’ is doing its work?

When security researchers of Trendmicro were doing work on it, they discovered that this malware is using an “android-rooting-tools” named framework to target devices. Through this framework, malware can get privileges of developer by rooting your device. Once it got the access, it will install third party hard coded malicious programs in the file system of your Android Devices to keep eye on your device. This malware will collect the information from your device and will send it to the hackers through command and control (C&C) servers. This malware can send stolen information to its authors through these servers, because bypassing the security check of app stores such as “Google Play Store” is an easy task for it. This malware is exploiting two main vulnerabilities of Android Lollipop and Its earlier version. Following are the vulnerabilities:

 

  • CVE-2015-3636 (used by the PingPongRoot Exploit)
  • CVE-2014-3153 (used by the Towelroot Exploit)

 

Also read: Database of "Acer" has been hacked! CC Details of 30K Customers stolen by hackers!

 

From here you can get an idea, how harmful Godless malware could be for your devices. This malware can automatically install malicious applications in your device from third party app store. Hackers are using this malware for various purposes such as, for spreading malicious advertisement links and for installing backdoors and spywares in device. By installing backdoors and spyware, authors of this malware can steal your personal data (Credit Card Information, Personal Photos, Videos, Chat History, and Documents etc.) which you have stored in your devices.

 

How users are getting affected from this Malware?

According to the stats of Trendmicro, more than 850000 Android devices have been affected by this Malware. A number of applications are available on app stores which contains this malware. Google Play Store is also included in the list of play stores.  “Flashlight, Wifi Apps and Some Gaming Apps” contains this malware. Some clean apps are also using the same certificates which have been used by these malicious applications. This malware comes automatically in your device through the above apps.

 

Tips for Android Users

  • Update your devices at proper times. Because every outdated software is a malware.
  • Never install Applications form third party app stores. Always read reviews of users about the application, before installing it.
  • Use pro version of Antivirus Tools to protect your devices from malwares and cyber threats.
  • Without proper investigation never visit short links, which you got through text messages, advertisements and emails.

 

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.