Based on the data collected from cyber-security firm Trend Micro's "Mobile App Reputation Service", malicious apps related to "Godless" are found in prominent app stores, including Google Play.
"Godless" hides inside an app and exploits the root of the operating system (OS) on your phone. This creates admin access to a device, allowing unauthorised apps to be installed.
"It contains various exploits to ensure it can root a device and it can even install spyware," the report warned.
By having multiple exploits to use, 'Godless' can target virtually any Android device running on Android 5.1 (Lollipop) or earlier.
Almost 90 percent of Android devices globally currently run on affected versions, the company claimed.
Once the malware has finished its rooting, it can be tricky to uninstall.
"When downloading apps, users should always review the developer. Unknown developers with very little or no background information may be the source of these malicious apps.Users should also have secure mobile security that can mitigate mobile malware," said Nilesh Jain, Country Manager, (India and SAARC), Trend Micro.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.