If you are running Jelly Bean, Kit-Kat, or Lollipop, this could affect you. Use the free tool here to find out
Israeli cyber security firm Check Point announced today that they have uncovered a new malware that they claim succeeded in rooting more than a million devices worldwide, and gaining access to the user’s Google accounts, including their Gmail, Google Drive, and other services linked to the account.
Once the virus reaches the device, the malware campaign in its current form as it emerged in August that they are calling Gooligan, steals the user’s email address and authentication tokens. This then allows the hackers to install various apps, which they then benefit from financially by rating on Google Play in the name of the user. As an added kicker, the virus installs adware for making additional cash off of its victims.
Android devices running Jelly Bean, Kit-Kat, or Lollipop operating systems, which according to Check Point, accounts for some 74% of all users. While the number of those with verified cases of Gooligan had only reached around a million since , it was apparently infecting 13,000 new devices and installing 33,000 apps every day, including a significant number of enterprise accounts.
The malware is reported to have made its way onto users’ devices through downloads on third party apps stores, as well as phishing links in emails.
“This theft of over a million Google account details is very alarming and represents the next stage of cyber- attacks,” said Michael Shaulov, Check Point’s head of mobile products in the statement that was released by the company. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”
After discovering the attack, Check Point alerted Google with their findings. In response, the Google team has taken a number of steps to mitigate the damage and prevent the further spread of the Ghost Push viruses. These measures include alerting affected users, revoking their tokens, and removing apps that are associated with the Ghost Push group. Google also says that they have made improvements in their Verify Apps technology, which they hope will cut down on the incentive for carrying out these sorts of campaigns.
“We appreciate Check Point’s partnership as we’ve worked together to understand and take action on these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” explained Adrian Ludwig, Google’s director of Android security, in his statement to the press.
For their part, Check Point has created a free online tool for affected users to check if their account has been compromised. The company regularly offers patches and similar tools when it uncovers malicious software.
“If your account has been breached, a clean installation of an operating system on your mobile device is required. This complex process is called flashing, and we recommend powering off your device, and approaching a certified technician or your mobile service provider, to re-flash your device,”
As has been noted in the past, Android’s openness, which is generally greatly appreciated by its users, is a double-edged sword. Third-party app stores may offer free app downloads, but more often than not, they come at a price.
Android users are advised to download from the Google Play store or trusted sources only, and everyone should be cautious when clicking on links that could be phishing attempts.