Recent research by Check Point has revealed a new piece of malware named Gooligan, which has breached the security of a million Google accounts.
The malware infects devices and steals the tokens used to access Gmail, Google Play, Google Photos and Documents, Google Drive and more. Gooligan has infected many Android devices, mainly those running Android 4 and 5. A large number of victims are in Asia, where it has affected about 57% of the devices, and the number is increasing every day. In addition to Google accounts, it also infects a number of fake applications such as Perfect Cleaner, Wi-Fi Enhancer, UC Mini, Memory Booster, etc. (Check the list of fake apps in Appendix A, here)
Gooligan may attack through a fake third-party application, a spam email or an SMS. When a user installs any unverified Gooligan-infected app on an Android device, the malware accesses the root data of the device and sends it to the attacker. As a result, the attacker gets remote control of the device. The malware not only steals the account information but also installs apps from Google Play itself and then rates them, so that the attacker gets paid by other parties.
Image: CheckPoint
Check Point informed Google management about the alarming situation. Google appreciated the concern, and the two companies are now investigating the issue further together. Adrian Ludwig, Director of Android Security at Google, said,
“We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
Google has already taken some steps to ensure the security of users and will continue to do so in the future. Google is removing the unverified apps from Google Play, revoking affected tokens and enhancing account security.
Image: Fake Reviews
How to know if your account is safe or not?
You can check whether your account has been breached at the website https://gooligan.checkpoint.com/.
If your account has been compromised, then:
- Take your phone to a certified technician to request a clean installation of the operating system, a process called “flashing”.
- Change your Google account password after this process.
- Install an antivirus, e.g., Check Point ZoneAlarm, to check for infected apps.