Malware takes over one million Google accounts: report

Malware takes over one million Google accounts: report

How to tell if your account has been infected by Gooligan, the malware variant identified by security vendor Check Point.

A new malware variant discovered by Check Point Software Technologies and dubbed Gooligan has spread at the rate of 13,000 devices a day and has become the first to root more than a million devices.

In this context, 'root' means to gain access to all functions of the operating system. Normally, certain aspects of a phone or tablet are shielded, partly for commercial reasons (for example, to prevent the removal of bundled applications) but also to prevent apps from doing things they shouldn't. So a malicious app may start by rooting a device so it can get up to no good.

And that's what Gooligan does, at least on device running Android 4 (Jelly Bean, KitKat) or 5 (Lollipop).

If an app infested with Gooligan is installed, or if a user clicks on a link delivered by a phishing attack text message, the malware roots the device and steals email addresses and authentication tokens, which can be used to access the user's Google account (think Gmail, Google Photos, Google Drive, and so on).

It then installs apps from Google Play and rates them (presumably to make them seem more attractive to other people) without the user's involvement. More than 2 million apps have been installed this way.

Check Point has set up an online service to check whether particular email addresses are known to have been compromised by Gooligan.

A clean reinstallation of Android is required if a device has been infected by Gooligan, Check Point said, suggesting that the manufacturer or carrier be contacted for assistance. See this Check Point blog post for more information.

Source: Check Point Software Technologies

The current Gooligan variant was discovered in August and immediately reported to Google, which responded by contacting users known to have been infected, revoking their authentication tokens, removing apps from Google Play, and stepping up the checks performed on apps before they are admitted to the store.

Source: Copyright © BIT (Business IT). All rights reserved.

See more about:  android  |  google  |  malware  |  security
Sign up to the BIT newsletter!
Our newsletter gives you the tech advice you need to make the right decisions for your small and medium business.

Latest Comments

Latest articles on iTnewsLatest iTnews Articles
Telstra-built national cancer register running months behind schedule
24 Feb 2017
Delays impact bowel cancer, cervical screens.
Cloudflare reveals 'bad' data leakage bug
24 Feb 2017
'Cloudbleed' exposed customer HTTPS sessions.
Chef CEO to keynote at Cloud & DC Edge 2017
24 Feb 2017
[Blog post] More international speakers announced.
First Aussie cyber threat sharing centre opens in Brisbane
24 Feb 2017
Co-locates private, public sector experts.
Police arrest bot herder behind attack on millions of routers
24 Feb 2017
Faces up to a decade in prison if found guilty.