Android malware infects 1 Million phones globally

Android malware infects 1 Million phones globally

Android Nougat statue at Google campus in Mountain View, Calif.

SAN FRANCISCO — A new variant of a well-known malware program has infected more than one million phones around the world that run older versions of Google's Android operating system, a security firm reported Wednesday.

The malware campaign, named Googlian, attacks phones running the Android 4 and 5 operating systems, known as Jelly Bean, KitKat and Lollipop, and according to Check Point Software Technologies can potentially access information from users' other Google accounts.

However, Google said in a blog post that it had found no evidence of other fraudulent activity within affected Google accounts.

The software is part of "GhostPush," a family of apps that once installed, try to download other apps. Google said that it has been tracking this family of malware since 2014 and so far has detected and prevented the installation of over 150,000 variations of Ghost Push.

The problem only affects Android phone users who have downloaded apps from a non-approved Android site. Those who buy their apps on the Google Play store are safe, Check Point said.

That's likely why of the 1 million breached accounts, only 19% are in "The Americas," according to Check Point. Presumably, a high number of those are outside of the United States as buying apps from non-approved sites tends to be more common outside the United States.

Google said it has contacted affected users, removed apps associated with the problem and added new protections to its Verify Apps technology.

The problem is similar to an issue that surfaced with malware that could affect iPhones running non-Apple approved apps in 2015.

The moral of the story is that consumers should stick with legitimate sources for their apps, said Dimitri Sirota, CEO of BigID, a data protection company.

"The best policy for avoiding this type of unfortunate situation is to look at the reputation of the purveyor — buy your Gucci from a Gucci store, get your news from a publication with a reputation at stake and download your apps from certified stores like Google Play," he said.

Google also reminded users of Android phones to keep their devices up to date and thus secure.

" Because Ghost Push only uses publicly known vulnerabilities, devices with up-to-date security patches have not been affected," its blog post said.



Add Comment

all comments

  Other news

more
Manchester police raid house, arrest suspect in connection with suicide bomber

Manchester police raid house, arrest suspect in connection with suicide bomber..

28-May, 11:40

As the Manchester Arena bombing investigation unfolds, police raid a...

Macron: Awkward Trump handshake a 'moment of truth'

Macron: Awkward Trump handshake a 'moment of truth'..

28-May, 07:59

French President Emmanuel Macron has said his clenched handshake with...

Silent world

Silent world..

28-May, 19:15

Settled as early as the 9th Century, Mount Koya is a Unesco world...

'Lame duck'

'Lame duck'..

29-May, 03:24

It was a miserable day on Sunday in Rio de Janeiro. But the heavy fog...

ANALYSIS: How to interpret Trump's first jobs report

ANALYSIS: How to interpret Trump's first jobs report..

10-Mar, 12:44

The Bureau of Labor released its February jobs report this morning,...

German prosecutors to search Daimler offices in diesel probe

German prosecutors to search Daimler offices in diesel probe..

23-May, 08:57

German automaker Daimler AG says prosecutors will be searching several of...

Astrid Silva: Meet the woman delivering the Democratic response to Trump in Spanish

Astrid Silva: Meet the woman delivering the Democratic response to Trump in Spanish..

27-Feb, 16:08

Immigration activist Astrid Silva will be delivering the Democratic...

Trump offspring, spouses ditch DC, NYC for Aspen

Trump offspring, spouses ditch DC, NYC for Aspen..

22-Mar, 07:20

The Trump clan -- its patriarch, President Donald Trump -- ditched the...