Newly discovered Android malware has breached over 1M Google accounts
A new form of Android malware that roots devices and steals email accounts and authentication tokens has been found and is believed to have hijacked more than a million Google accounts.
Discovered by security firm Check Point Software Technologies Ltd. and named “Gooligan,” the malware targets older Android devices running on variants of Android called Jelly Bean (4.1, 4.2, 4.3), KitKat (4.4) or Lollipop (5.0, 5.1).
The malicious code is installed on a device via infected apps downloaded from third-party Android app stores and, disturbingly, in some cases Google Play. Once installed, it seeks root permissions in order to gain access to various stored accounts, with Google accounts at the top of the list, giving those behind the malware access to sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.
In addition to stealing user credentials, the malware also installs and rates fraudulent apps from the Google Play Store.
By the numbers, the infection rates are quite staggering, with 13,000 devices being infected each day. The malware installs 30,000 apps each day, or 2 million apps since the campaign began, and the list of hijacked email addresses includes hundreds associated with enterprise accounts.
“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” Check Point’s head of mobile products Michael Shaulov said in a blog post. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”
Check Point reached out to Google first to inform the company of its findings. Google is said to have contacted affected users and revoked their tokens, removed apps associated with the Ghost Push family (of which Gooligan is a member) from Google Play, and added new protections to its Verify Apps technology.
In a post to Google Plus, Director of Android Security Adrian Ludwig said Google officials have worked closely with Check Point in recent times to investigate Gooligan and to protect users against the threat it poses. He claimed there is no evidence data was accessed from compromised accounts or that individual users were targeted.
The best advice is that if a third-party app requests root access to your phone, don’t approve the request.