Security Alerts & News
by Tymoteusz A. Góral

History
#1000 ‘GODLESS’ mobile malware uses multiple exploits to root devices
We came across a family of mobile malware called Godless (detected as ANDROIDOS_GODLESS.HRX) that has a set of rooting exploits in its pockets. By having multiple exploits to use, Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. As of this writing, almost 90% of Android devices run on affected versions. Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide.

Godless is reminiscent of an exploit kit, in that it uses an open-source rooting framework called android-rooting-tools. The said framework has various exploits in its arsenal that can be used to root various Android-based devices. The two most prominent vulnerabilities targeted by this kit are CVE-2015-3636 (used by the PingPongRoot exploit) and CVE-2014-3153 (used by the Towelroot exploit). The remaining exploits are deprecated and relatively unknown even in the security community.

In addition, with root privilege, the malware can then receive remote instructions on which app to download and silently install on mobile devices. This can then lead to affected users receiving unwanted apps, which may then lead to unwanted ads. Even worse, these threats can also be used to install backdoors and spy on users.
Read more
#1007 Google launches Android programming course for absolute beginners
#1006 Apple’s official statement on why the iOS 10 kernel is not encrypted
#1005 WordPress security update patches two dozen flaws
#1004 Unpatched remote code execution flaw exists in Swagger
#1003 Let’s Encrypt celebrates big HTTPS milestone
#1002 Hackers would like to join your LinkedIn network - and you'd probably accept them
#1001 McAfee Labs: Threats Report (PDF)
#1000 ‘GODLESS’ mobile malware uses multiple exploits to root devices
#999 Firm pays $950,000 penalty for using WiFi signals to secretly track phone users
#998 Advantech patches WebAccess remote code execution flaws
#997 Ransomware a two-year nightmare in the making
#996 Nuclear, Angler exploit kit activity has disappeared
#995 Patched libarchive vulnerabilities have big reach
#994 154 million voter records exposed, revealing gun ownership, Facebook profiles, and more
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12