SRINAGAR: A fresh advisory issued by the National Cybercrime Threat Analytics Unit (NCTAU) under the Ministry of Home Affairs has flagged a sharp rise in a highly sophisticated category of Android malware, termed “Android God Mode,” capable of taking near-total control of infected devices and stealing sensitive financial and personal data in real time.
According to the advisory, the malware spreads by impersonating trusted banking, public service and utility applications such as SBI YONO, Jivan Praman Patra and RTO Challan, along with fake “customer support” apps. Users are tricked into granting high-level permissions, particularly Android Accessibility Services, enabling attackers to conduct stealthy overlay attacks and monitor activities on the device.
The agency revealed that the malware is typically delivered via phishing links or messaging platforms like WhatsApp as a dropper file disguised as Google Play Services. Once installed, it deploys advanced evasion techniques, including zero-length base APKs and split DEX files, to bypass security systems.
Cyber experts warn that the malware persistently pushes users to enable accessibility permissions under the guise of “essential functionality” and can even set itself as the default launcher, effectively locking users out of control. In many cases, the malicious apps remain hidden without icons and are capable of reinstalling themselves from backups even after deletion.
Authorities have urged Android users to avoid installing apps from unknown sources, refrain from clicking suspicious links, and carefully review permission requests. The advisory underscores the growing sophistication of cyber threats targeting mobile users and calls for heightened vigilance across the country.
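The behaviours the advisory describes (an app from outside the Play Store that holds an enabled accessibility service or has made itself the default launcher) can be checked on a device during triage. The following is an added example, not part of the advisory or the original report: it assumes the package list comes from `adb shell pm list packages -3 -i` and the accessibility list from `adb shell settings get secure enabled_accessibility_services`, and that the current home-screen component is supplied by the analyst; the function names, package names and sample values are all constructed.

```python
import re

PLAY_STORE = "com.android.vending"  # installer recorded for Play Store installs

# Constructed sample inputs (not taken from any real device or from the advisory).
SAMPLE_PM = """package:com.example.notes  installer=com.android.vending
package:com.example.reader  installer=com.android.vending
package:com.constructed.updater  installer=null
package:com.constructed.support  installer=com.google.android.packageinstaller"""
SAMPLE_A11Y = "com.example.reader/.ReaderService:com.constructed.updater/.core.HelperService"
SAMPLE_HOME = "com.constructed.updater/.HomeActivity"

def parse_installers(pm_output):
    """Map package -> installer from 'package:<name>  installer=<source>' lines."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_a11y(setting):
    """Return packages owning an enabled accessibility service.
    The setting is a colon-separated list of 'package/ServiceClass' components."""
    if not setting or setting.strip() == "null":
        return set()
    return {c.split("/", 1)[0] for c in setting.strip().split(":") if "/" in c}

def triage(pm_output, a11y_setting, home_component):
    """Flag apps not installed by the Play Store that hold an enabled
    accessibility service or are the default launcher."""
    a11y = parse_a11y(a11y_setting)
    home_pkg = home_component.split("/", 1)[0].strip()
    findings = {}
    for pkg, source in parse_installers(pm_output).items():
        if source == PLAY_STORE:
            continue
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg == home_pkg:
            reasons.append("set as default launcher")
        if reasons:
            findings[pkg] = [f"sideloaded (installer={source})"] + reasons
    return findings

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_HOME).items():
        print(pkg, "->", "; ".join(reasons))
```

A flagged package is a lead for manual review, not a verdict: legitimate sideloaded accessibility tools and launchers will match the same conditions.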















