Researchers with Check Point Software released a report in early December on a new strain of Android malware called Gooligan. This malware has compromised more than a million Google accounts and is expected to continue affecting accounts at a rate of about 13,000 per day as users continue to download the infected applications responsible.
Gooligan’s origins have been traced back to an app called SnapPea, which was identified as malware more than a year ago. Since then, the infection has popped up in dozens of other seemingly legitimate apps available for download in third party Android stores, which are popular with users searching for a free alternative to paid apps. Downloading applications through these stores is firmly discouraged by Google. Only applications downloaded through the Google Play store are scanned for malware or other issues, making the third party supplied apps potentially unsafe.
Users who bypass the safeguards offered by Google Play are at risk of dangerous malware infections. The Gooligan virus is especially harmful, as it gains access to a user’s entire Google account. In addition to third-party Android stores, these Gooligan-infected apps can also be downloaded to your device through phishing scams that forward download links to unsuspecting users through text messages or other mobile messaging services.
A device that has been infected by Gooligan can grant hackers access to any data stored in the user’s Google Docs, Google Drive, Google Photos, Gmail, and Google Play accounts. The bulk of the infections occurred in Asia (57%), with the Americas coming in a distant, but no less alarming, second (19%).
Gooligan is capable of doing more than just stealing private data. The malware can use your account and token authentication information to install adware that generates revenue for the hacker. It can also use your credentials to install apps from Google Play and boost their approval rating – which explains why you will sometimes find truly awful apps in the Google Play store with high ratings.
This is believed to be the biggest Google Account breach to date. Google is well aware of the situation and has already taken steps to protect their users and improve the security of the Android system overall. Check Point Software is doing their part to help with the situation as well by providing a tool that will allow you to find out if your account has been compromised. You can check your account here.
Want to learn more about the steps you can take to keep your devices safe from malware? Contact us at firstname.lastname@example.org or (443) 589-. We are the highly reputable and trusted IT professionals for businesses in Baltimore, Washington, DC and across Maryland trust. 1150