'Gooligan': Android malware breached security of 1mn users - security firm

'Gooligan': Android malware breached security of 1mn users - security firm

"Gooligan" malware has breached the security of 1 million Google accounts and could eventually compromise about 74 percent of Android devices, according to a cybersecurity firm. Gooligan has been found in at least 86 applications at third-party app stores. TagsHacking, Security

Security firm Check Point Software Technologies said Wednesday that apps infected with the malware and installed on an Android device use exploits in Android versions 4 and 5 to access "full control of the device and can execute privileged commands remotely."

"After achieving root access, Gooligan downloads a new, malicious module from the [campaignís Command and Control] server and installs it on the infected device," Check Point wrote. "This module injects code into running Google Play or GMS [Google Mobile Services] to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad."

The module allows Gooligan to "steal a user's Google email account and authentication token information"; "install apps from Google Play and rate them to raise their reputation"; and "install adware to generate revenue," Check Point said.

Google's Adrian Ludwig, lead engineer for Android security said Google has "worked closely with Check Point" in recent weeks to protect Android users. He said Gooligan is a variant of Ghost Push, Android malware that Google has found to have more than 150,000 variants since it was first seen more than a year ago.

"Nicknamed ĎGooliganí, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps," Ludwig wrote of the malware.

Ludwig said Google has yet to find any evidence of fraudulent access of Google accounts or of targeting of specific users. "The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant," he said.

Google's actions to protect its users, Ludwig wrote, include "revoking affected usersí Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether."

Check Point offered a list of the 86 "fake apps" infected by Gooligan.

"Gooligan has breached over a million Google accounts," the firm said. "We believe that it is the largest Google account breach to date, and we are working with Google to continue the investigation. We encourage Android users to validate whether their accounts have been breached."



Add Comment

all comments

  Other news

more
Love Islandís Amber Davies, Montana Brown and Chloe Crowhurst SNUB their castmates as they skip show's reunion party to attend different nightclub

Love Islandís Amber Davies, Montana Brown and Chloe Crowhurst SNUB their castmates as they..

29-Jul, 07:30

However, three of the showís stars made a bold statement by snubbing the...

Sri Lanka to sign deal on Hambantota port with China

Sri Lanka to sign deal on Hambantota port with China..

29-Jul, 01:50

Sri Lanka is due to sign a $1.1bn (?837m) deal with China for the control...

US plans to curb nicotine in tobacco

US plans to curb nicotine in tobacco..

28-Jul, 13:40

The US Food and Drug Administration (FDA) is seeking to limit nicotine...

Environmental concerns over Trump's golf plans at Menie

Environmental concerns over Trump's golf plans at Menie..

28-Jul, 11:40

The Scottish Environment Protection Agency (Sepa) has raised formal...

SXSW festival clarifies stance on deportation for international artists

SXSW festival clarifies stance on deportation for international artists..

07-Mar, 16:16

SXSW has changed its contract language in light of criticism about a...

'Arrow' star Colton Haynes is engaged to Jeff Leatham

'Arrow' star Colton Haynes is engaged to Jeff Leatham..

13-Mar, 10:04

Actor Colton Haynes and Jeff Leatham are engaged! The duo posted photos...

Carnival kicks off in Germany; Trump costumes popular

Carnival kicks off in Germany; Trump costumes popular..

23-Feb, 12:08

Germans are braving rain, high winds and tight security to celebrate this...

Hypercars mingle with station wagons at Geneva auto show

Hypercars mingle with station wagons at Geneva auto show..

05-Mar, 06:20

Europe's automakers face huge questions: the impact of Britain's decision...