Over 1 million Google accounts compromised in Android malware attack

Photo Credit: Chris Goodney/Bloomberg

If you are running Jelly Bean, Kit-Kat, or Lollipop, this could affect you. Use the free tool here to find out.

Israeli cyber security firm Check Point announced today that it has uncovered new malware that it claims succeeded in rooting more than a million devices worldwide and gaining access to users’ Google accounts, including their Gmail, Google Drive, and other services linked to the account.

The malware campaign, which emerged in its current form in August and which Check Point is calling Gooligan, steals the user’s email address and authentication tokens once it reaches the device. This allows the hackers to install various apps, which they then profit from by rating them on Google Play in the user’s name. As an added kicker, the malware installs adware to make additional cash off its victims.

The malware affects Android devices running the Jelly Bean, Kit-Kat, or Lollipop operating systems, which, according to Check Point, account for some 74% of all users. While the number of those with verified cases of Gooligan had only reached around a million since , it was apparently infecting 13,000 new devices and installing 33,000 apps every day, including a significant number of enterprise accounts.

The malware is reported to have made its way onto users’ devices through downloads from third-party app stores, as well as through phishing links in emails.

How Gooligan works Image Credit: Check Point

“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” said Michael Shaulov, Check Point’s head of mobile products, in the statement that was released by the company. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”

After discovering the attack, Check Point alerted Google to its findings. In response, the Google team has taken a number of steps to mitigate the damage and prevent the further spread of the Ghost Push viruses. These measures include alerting affected users, revoking their tokens, and removing apps that are associated with the Ghost Push group. Google also says that it has made improvements to its Verify Apps technology, which it hopes will cut down on the incentive for carrying out these sorts of campaigns.

“We appreciate Check Point’s partnership as we’ve worked together to understand and take action on these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” explained Adrian Ludwig, Google’s director of Android security, in his statement to the press.

Locations affected by Gooligan Image Credit: Check Point

For their part, Check Point has created a free online tool for affected users to check if their account has been compromised. The company regularly offers patches and similar tools when it uncovers malicious software.

“If your account has been breached, a clean installation of an operating system on your mobile device is required. This complex process is called flashing, and we recommend powering off your device, and approaching a certified technician or your mobile service provider, to re-flash your device,”

As has been noted in the past, Android’s openness, which is generally greatly appreciated by its users, is a double-edged sword. Third-party app stores may offer free app downloads, but more often than not, they come at a price.

Android users are advised to download from the Google Play store or trusted sources only, and everyone should be cautious when clicking on links that could be phishing attempts.

Gabriel Avner
