Researchers with Check Point Software recently released a report on a new strain of Android malware called Gooligan. This malware has compromised more than a million Google accounts, and is expected to effect at least another 13,000 accounts as users continue to download the infected applications responsible.
Gooligan’s origins have been traced back to an app called SnapPea, which was identified as malware a year ago. Since then, it has popped up in dozens of other seemingly-legitimate apps available for download in third party Android stores, which are popular with users searching for a free alternative to paid apps. As these app stores are not controlled by Google, downloading applications through them is firmly discouraged by Google. Only applications downloaded through the Google Play store are scanned for malware or other issues.
Users who bypass the safeguards offered by Google Play are at risk of dangerous malware infections. Gooligan is especially harmful, as it gains access to a user’s entire Google account. These Gooligan-infected apps can also be downloaded to your devices through phishing scams that forward download links to unsuspecting users through text messages, or other mobile messaging services.
A device that has been infected by Gooligan has the ability to grant hackers access to any data stored in the user’s Google Docs, Google Drive, Google Photos, Gmail, and Google Play accounts. The bulk of the infections occurred in Asia (57%), with the Americas coming in a distant but no less alarming second (19%).
Gooligan is able to do more than just steal private data. The malware can take your account and token authentication information, and use it to install adware that generates revenue for the hacker. It can also use your credentials to install app from Google Play and boost their approval rating – which explains why you will sometimes find truly awful apps in the Google Play store with high ratings.
This is believed to be the biggest Google Account breach to date. Google has been made aware of the situation, and has already taken steps to protect their users and improve the security of the Android system overall. Check Point Software provides a tool that will allow you to find out if your account has been compromised. You can check your account here.
Want to learn more about the steps you can take to keep your devices safe from malware? Contact us at firstname.lastname@example.org or (415) 294-5250. We’re the IT professionals businesses in San Francisco trust.