With the cyber notoriety only growing more and more, reports have recently emerged of a new type of Android malware. It has been reported that the malicious software called "Gooligan" has breached over a million users' Google accounts and has been infecting devices at an estimated number of 13,000 devices per day.
Evidently, the malware has stolen email addresses and authentication tokens stored on Android devices, according to the cyber-security firm Check Point, who were the first to expose the malware.
What's frightening is that, with all the information available, hackers can access users' sensitive data from Gmail, Google Photos, Google Docs, Google Play, and other Google apps. Moreover, they could steal information from Google linked accounts.
On the other hand, Gooligan is also generating revenues for the criminals by fraudulently installing apps from Google Play and rating them on behalf of the victim.
Michael Shaulov, Check Point's head of mobile products stated that the theft of over a million Google account details was very alarming and it represented the next stage of cyber-attacks.
He further added that the cyber security domain was seeing a shift in the strategy of hackers. They were now targeting mobile devices in order to obtain the sensitive information that is stored on them.
However, in the following sections, as you read on below, you will get more answers regarding the Malware issue.
Who is Affected?
Check Point's Mobile Research Team had already encountered Gooligan's code in the malicious SnapPea app last year.
However, in August 2016, the malware reappeared with a new variant and has since infected at least 13,000 devices per day. Hundreds of the exposed email addresses are associated with enterprises around the world.
In addition, about 40 percent of the devices are located in Asia and about 12 percent are in Europe. Check Point has further said that Gooligan targets devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop).
As such the count represents nearly 74 percent of Android devices in use today.
How it Works?
Surprisingly, traces of the Gooligan malware code has been found in dozens of legitimate-looking apps on third-party Android app stores. Therefore, the infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device.
Gooligan-infected apps can also be installed using phishing scams where attackers broadcast links to infected apps to unsuspecting users via SMS or other messaging services.
Are you Affected?
So, if you want to find out that you are infected or not, Check Point is offering a free online tool that allows Android users to check if their account has been breached.
In case you have been affected and your account has been breached, a clean installation of an operating system on your mobile device is required.
Commentating on the same, Michael Shaulov said that the complex process was called flashing. He has further said to power off the device and approach a certified technician or mobile service provider, to re-flash the device.
Any Measures Taken?
Well, Check Point has stated that they reached out to the Google Security team immediately with information on this malware issue. The firm has assured that their researchers are working closely with Google to investigate the source of the Gooligan.
Adrian Ludwig, Director of Android security at Google has appreciated Check Point's partnership with Google while working together to understand and take action on these issues.
Overall, Check Point and Google have taken numerous steps to protect users and are improving the security of the Android ecosystem.