'Gooligan': Android malware breached security of 1mn users - security firm

'Gooligan': Android malware breached security of 1mn users - security firm

"Gooligan" malware has breached the security of 1 million Google accounts and could eventually compromise about 74 percent of Android devices, according to a cybersecurity firm. Gooligan has been found in at least 86 applications at third-party app stores. TagsHacking, Security

Security firm Check Point Software Technologies said Wednesday that apps infected with the malware and installed on an Android device use exploits in Android versions 4 and 5 to access "full control of the device and can execute privileged commands remotely."

"After achieving root access, Gooligan downloads a new, malicious module from the [campaign’s Command and Control] server and installs it on the infected device," Check Point wrote. "This module injects code into running Google Play or GMS [Google Mobile Services] to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad."

The module allows Gooligan to "steal a user's Google email account and authentication token information"; "install apps from Google Play and rate them to raise their reputation"; and "install adware to generate revenue," Check Point said.

Google's Adrian Ludwig, lead engineer for Android security said Google has "worked closely with Check Point" in recent weeks to protect Android users. He said Gooligan is a variant of Ghost Push, Android malware that Google has found to have more than 150,000 variants since it was first seen more than a year ago.

"Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps," Ludwig wrote of the malware.

Ludwig said Google has yet to find any evidence of fraudulent access of Google accounts or of targeting of specific users. "The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant," he said.

Google's actions to protect its users, Ludwig wrote, include "revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether."

Check Point offered a list of the 86 "fake apps" infected by Gooligan.

"Gooligan has breached over a million Google accounts," the firm said. "We believe that it is the largest Google account breach to date, and we are working with Google to continue the investigation. We encourage Android users to validate whether their accounts have been breached."



Add Comment

all comments

  Other news

more
Manchester police raid house, arrest suspect in connection with suicide bomber

Manchester police raid house, arrest suspect in connection with suicide bomber..

28-May, 11:40

As the Manchester Arena bombing investigation unfolds, police raid a...

Macron: Awkward Trump handshake a 'moment of truth'

Macron: Awkward Trump handshake a 'moment of truth'..

28-May, 07:59

French President Emmanuel Macron has said his clenched handshake with...

Silent world

Silent world..

28-May, 19:15

Settled as early as the 9th Century, Mount Koya is a Unesco world...

'Lame duck'

'Lame duck'..

29-May, 03:24

It was a miserable day on Sunday in Rio de Janeiro. But the heavy fog...

ANALYSIS: How to interpret Trump's first jobs report

ANALYSIS: How to interpret Trump's first jobs report..

10-Mar, 12:44

The Bureau of Labor released its February jobs report this morning,...

German prosecutors to search Daimler offices in diesel probe

German prosecutors to search Daimler offices in diesel probe..

23-May, 08:57

German automaker Daimler AG says prosecutors will be searching several of...

Astrid Silva: Meet the woman delivering the Democratic response to Trump in Spanish

Astrid Silva: Meet the woman delivering the Democratic response to Trump in Spanish..

27-Feb, 16:08

Immigration activist Astrid Silva will be delivering the Democratic...

Trump offspring, spouses ditch DC, NYC for Aspen

Trump offspring, spouses ditch DC, NYC for Aspen..

22-Mar, 07:20

The Trump clan -- its patriarch, President Donald Trump -- ditched the...