New Android ‘God Mode’ threat explained: How hackers are taking over phones in India

India’s cybercrime unit has warned of a dangerous Android “God Mode” malware that can give hackers full control of a user’s phone. The attack spreads through fake apps and APK downloads, tricking users into granting Accessibility permissions.

New Delhi: India’s cybersecurity officials have put out an urgent alert about a new Android malware called “God Mode.” The National Cybercrime Threat Analytics Unit (NCTAU) says this threat lets hackers take almost the total charge of your smartphone. Once they’re in, they can watch everything you do, grab sensitive info, and even control your device without having a clue.

Hackers are spreading this malware by tricking people. They hide it inside apps that look trustworthy, think banking apps, utility services, or what appears to be a regular system update. Everything seems fine at first, but in reality, the app starts to quietly take over.

How the ‘God Mode’ attack works

Here’s how it usually happens: You get a message, maybe via SMS or WhatsApp, with a link. It pushes you to download an APK file, pretending to be a software update or some helpful service. Once you install it, the app asks for Accessibility permissions. That’s the moment things go downhill. Once you grant that access, the malware can see everything on your screen, read your messages and OTPs, and even tap or approve things on your behalf.

What hackers can do with your phone

Once the malware is active, the attacker essentially controls the device in real time. This opens the door to serious risks:

Intercepting SMS and banking OTPs

Accessing contacts and spreading further scams

Making calls or enabling call forwarding

Displaying fake screens over banking apps

Accessing the camera without permission

In short, personal data, financial information, and privacy are all at risk.

Why this malware is hard to detect

This threat is more advanced than typical malware. It is designed to stay hidden and avoid detection. In many cases, users may not even realise their phone has been compromised.

The app may not appear in the app drawer. It can reinstall itself and bypass certain security checks. Some versions may even set themselves as the default launcher, making removal more difficult.

Key safety measures to follow

Authorities have shared clear steps to reduce the risk of infection:

Download apps only from trusted sources like the Google Play Store

Avoid installing APK files from unknown links or messages

Be cautious of apps asking for unnecessary Accessibility permissions

Regularly check Accessibility settings and device admin apps

A quick precautionary step is to dial ##002# to disable any unknown call forwarding settings.

What to do if you’re affected

If you suspect your phone has been compromised, act immediately:

Restart your phone in Safe Mode and remove suspicious apps

Review all permissions and settings

Perform a factory reset if the issue continues

Report the incident by calling 1930 or using India’s cybercrime portal

This warning highlights a shift in cybercrime tactics. Instead of breaking into systems, attackers are now manipulating users into giving access themselves. The attack relies on trust and urgency, making it more dangerous.

The key takeaway is simple. If an app asks for excessive control, stop and think. One wrong tap can hand over your entire device.

Click for more latest Tech news. Also get top headlines and latest news from India and around the world at News9.

Pragya is a Science and Technology reporter, has Master degree in Journalism, covering a range of stories including space, gadgets and how tech is transforming our lives. She has 4+ years of industry experience in Digital Media and Content Writing. 15+ years of practice in yoga philosophy to every day, and that’s one way she strive to build meaningful experiences.

News Technology News Tech News New Android ‘God Mode’ Threat Explained: How Hackers Are Taking Over Phones In India News

© News9Live