Android malware ‘has compromised more than a million Google accounts’

A new type of Android malware has compromised more than a million Google accounts, according to cyber security researchers.

Experts from Check Point said the threat, which they called Gooligan, roots smartphones and tablets to give itself high-level privileges and installs software that steals the authentication tokens that give access to Google-related accounts without passwords.

These services include Gmail, G Suite and Google Photos, Docs, Drive and Pay.

The researchers said the malware affects Android Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop, which run on nearly 74 per cent of devices with the Google operating system. It has been found in at least 86 apps on third-party marketplaces.

Check Point said it infects 13,000 devices each day and has rooted more than a million smartphones and tablets, including hundreds using enterprise accounts.

"This theft of over a million Google account details is very alarming and represents the next stage of cyber attacks," said Michael Shaulov, Check Point’s head of mobile products. "We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them."

Gooligan also has a second function: to generate revenue by installing Google Play apps on victims' devices and rating them on the app store. The researchers say it installs at least 30,000 apps per day on breached devices, more than two million since the campaign began.

In a blog post, Google said it was working to protect users against the threat posed by the malware and that there was no evidence data was stolen from compromised accounts.

It added that it is using a service called Verify Apps to scan users’ devices and display a warning if they are running Gooligan or similar malicious apps.

“We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall,” wrote director of Android security Adrian Ludwig.

“These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.”

Gooligan exploits the kind of flaw that has cyber security researchers worried about Donald Trump’s reluctance to give up his Android smartphone when he becomes president.

While Barack Obama has an NSA-designed phone with limited functionality, the president-elect is keen to retain access to his personal device when he enters the White House, and some experts are worried it could put US security at risk.

For more on Gooligan, see the Check Point blog.


teiss