androidmalware620100437304orig

Gooligan worms its way into Android phones, compromises one million Google accounts

If you tend to download apps from places other than the Play Store, your Google account might be compromised. Researchers at the security firm Check Point Software Technologies have uncovered a piece of malware that seeks to root your device in order to gain access to your precious Google account.

But the so-called Gooligan Trojan Horse isn’t after your credit card information or contacts list. Rather, the scheme is an old-fashioned money-making one. Once it has broken into your account, the malware proceeds to download apps from Google Play on your device and give them high marks and positive reviews on your behalf. Additionally, it may install adware on your phone that manifests itself in the form of intrusive pop-ups.

At least 1 million accounts have been affected by the Gooligan attack, and Check Point is seeing some 13,000 new devices infected each day, primarily ones running Jelly Bean, KitKat and Lollipop. Phones running Marshmallow (6.0) or Nougat (7.0, 7.1) appear to be immune.

While this particular strain might be new, the vulnerability itself is old hat. Gooligan is essentially a variant of Ghost Push, which Google has been working for the better part of two years to tackle. And rest assured, the company is already investigating the new strain with Check Point to protect future users from being infected. As Adrian Ludwig, lead engineer for Android security, noted on his Google+ blog, Google is constantly working to make sure vulnerabilities like Gooligan don’t happen in the future:

“We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall. These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.”

The impact on you: Malware is scary and the openness of Android means it is constantly at risk of attack. But there are easy ways you can protect yourself. For starters, try to avoid downloading any apps outside of Google Play, and always update your phone with the latest possible security patches and OS updates when they're available. But if you think you may have been infected, you can run a check on your device here. If it has been compromised, simply flash your device and change your Google password.

IDG Insider

PREVIOUS ARTICLE

« AWS launches FPGA-based cloud instances to accelerate complex applications

NEXT ARTICLE

Microsoft Surface Studio teardown reveals Intel and ARM chips inside »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Poll

Do you think your smartphone is making you a workaholic?