Android malware known as Gooligan has infected more than a million Google accounts since August. The malware was disguised as legitimate apps available for all Android mobile devices.
According to Check Point Software Technologies Ltd:
“As a result of a lot of hard work done by our security research teams, we revealed today a new and alarming malware campaign. The attack campaign, named Gooligan, breached the security of over one million Google accounts. The number continues to rise at an additional 13,000 breached devices each day. Our research exposes how the malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.” – Check Point Software Technologies
The malware used innocent-sounding names, like Perfect Cleaner and Wi-Fi Enhancer. These apps exploited known flaws found in older versions of Android to take control of the devices. They install other apps without the user's permission. Furthermore, they post fake reviews using the victim's username and password.
This malicious software is a variant of Ghost Push, which has been around for two years. Google tracked more than 40,000 Ghost Push apps last year.
The researchers from Check Point shared their findings with Google. The two are now working closely to develop techniques for fixing the infected devices. Google and Check Point will continue to collaborate to identify the group responsible for this malware.
Google has already eliminated the apps associated with Ghost Push from Google Play. It has also disrupted the servers of the malware's creators. The company then moved to secure the compromised accounts.
Which Devices Are At Risk?
Gooligan malware infects devices using Android 4, released in 2012, and Android 5, launched in 2014. To find out whether your device has been compromised, you can check your mobile device on Check Point's site.
Your device is at risk of being infected if you do not update your smartphone's operating system. An outdated system leaves your phone or tablet vulnerable to attacks that exploit those known software bugs.
The overall security of Android has not improved since 2012. But a spokesperson for Google said that the company has already taken steps to reduce the chances of Android devices being attacked by this malicious software. These measures include full disk encryption for Android devices. The company also pays security researchers when they discover new bugs. There is also a new technology that makes browsing on Android a lot safer.
Google said that 73 percent of Android users are still using Jelly Bean, KitKat, and Lollipop. Only 25 percent of Android users have updated to the newer versions of Android, like Marshmallow and Nougat.
Even though the malware has infected over a million Google accounts, it is just a small percentage compared to the more than a billion devices running on Android software.
If your account has been affected, you need to perform a clean installation of the OS on your mobile device. Then, once Android has been reinstalled, change your Google account passwords.