Has your phone been affected by Gooligan malware?

In what is called one of the largest thefts by malware, Gooligan has reportedly affected nearly one million Android smartphones. According to Check Point Research, the security firm that reported the breach, more than 13,000 devices are newly infected daily.

The malware gets into the device when a user downloads an app from a third-party provider other than Google Play. These apps look legitimate, but there's no way of really being sure. Users flock to these apps because they are free versions of paid Google Play apps.

The malware then “steals” authentication tokens which are associated with the phone's Google account. Then, it gains access to all the other Google-associated data on the phone, including Gmail, Google Photos, Google Drive and Google Docs.

Harmful apps are then downloaded to the user's phone without his or her knowledge, and hidden. Usually, these apps are phishing campaigns, which puts the user's credentials at serious risk of exposure. The malware possibly works with these phishing apps to send sensitive data to its maker.

Malware uses your account to post reviews

However, Adrian Ludwig, director of security at Google, claims that Gooligan may only end up promoting apps and not stealing sensitive data. He said that Google hasn't found any "signs of other fraudulent activity within the affected Google accounts".

Indeed, all that the malware seems to do, according to Check Point, is to install apps from Google Play and “rate them to raise their reputation”. The malware uses the user's Google account to post a high rating and positive reviews of certain apps. It also installs adware.

Yet, the breach of security is a serious concern. The security firm confirms that almost all the devices affected by Gooligan run on Android 5 or lower, and this makes up almost 74 per cent of all the Android phones in the market today. Further, about 57 per cent of devices in Asia are affected, 19 per cent in the United States, 15 per cent in Africa and 9 per cent in Europe.

Check Point says that its researchers first encountered Gooligan’s code in the malicious SnapPea app last year. It resurfaced in 2016 after a lull, as mentioned in the Check Point blog: “[The malware] reappeared with a more complex architecture that injects malicious code into Android system processes.”

The officials at Check Point are reportedly working with the Google Security Team to curb the malware “campaign” and figure out its source.

Check if your device is affected

Visit https://www.gooligan.checkpoint.com to confirm whether your device is among those affected. The site only asks for your email id, and checks whether it has been compromised by the malware. You can also check whether you have downloaded a fake app through this list: http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

Check Point suggests that you take your phone to a certified service centre to do a “clean installation of an operating system on your mobile device”, also called “flashing”. Also, change your Google account passwords to prevent further breach.