Security firm Check Point has revealed a new malware campaign that uses malicious apps to root Android devices, steal Google authentication tokens and illegitimately rack up installation numbers and review scores for other apps.
The malware, dubbed “Gooligan” by Check Point, uses known vulnerabilities to obtain root access — complete control — over devices running Android 4.x and 5.x, before using this to steal Google account names and authentication tokens. This then allowed the perpetrators to remotely install other apps from Google Play on victims’ devices, and post false reviews in their name.
In theory, malware like this, which is designed to steal authentication details, may have been able to access other areas of Google accounts, like Gmail or Photos. There’s no evidence that “Gooligan” did anything like this — instead, it appears it was built to make money for its creators through illegitimate app installs.
What is striking about this strain of malware is the number of accounts affected — more than one million since the campaign began, according to Check Point. The majority — 57 percent — of these accounts were compromised in Asia, according to the firm. Next were the Americas with 19 percent, Africa with 15 percent and Europe with 9 percent. Check Point has set up a site where you can check if your account is affected; Google also says it’s reaching out to anyone who may have been hit.
Ahead of today’s public announcement, Google and Check Point have been working together to improve Android’s security.
“We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues,” said Adrian Ludwig, Google’s director of Android security. “As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
Check Point also notes that Google’s “Verify Apps” technology has been updated to deal with apps using vulnerabilities like this. That’s significant because, while it doesn’t help devices that are already compromised, it roadblocks future installations on 92 percent of active Android devices, even without the need for firmware updates.
Like other app-based exploits, Google’s ‘Verify Apps’ feature now protects 92 percent of active devices from ‘Gooligan.’
“Verify Apps” is built into Google Play Services, and enabled by default in Android 4.2 Jelly Bean — accounting for 92.4 percent of active devices, based on the current numbers. (On older versions, it can be manually enabled.) Like the rest of Play Services, it’s regularly updated in the background; it blocks the installation of malicious apps and can advise users to uninstall malware that’s already there.
On newer versions of Android, the underlying exploits used by “Gooligan” to root devices will have been addressed through security patches. So as significant as a million compromised accounts sounds, this is also an example of Google’s security strategy for app-based malware working as designed, blocking installations of affected apps across the vast majority of the ecosystem.
If you’re concerned that your account may have been affected, you can hit up Check Point’s site. In future, Google’s existing safeguards — a part of Play Services for the past four years — will ensure you’re protected.
Update: Google’s lead engineer for Android security, Adrian Ludwig, has an extensive write-up on the background of today’s “Gooligan” announcement, and what Google’s doing about it, over on Google+.
'Gooligan' Android malware used to compromise Google accounts was posted on www.androidcentral.com on November 30, 2016.