Android-rooting Gooligan malware infects 1 million devices
At an estimated rate of 13,000 smartphones a day.
A new strain of Android malware is infecting an estimated 13,000 devices per day.
The Gooligan malware roots Android devices before stealing email addresses and authentication tokens stored on them. The tokens create a means for hackers to access users’ sensitive data from Gmail accounts, security researchers at Check Point Software Technologies warn.
The malicious code creates a money-making sideline for crooks by fraudulently installing apps from Google Play and rating them on behalf of the victim.
Gooligan targets devices running Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), collectively around 74 per cent of Android devices currently in use. Gooligan is installing at least 30,000 apps on breached devices every day, or more than 2 million apps since the malicious campaign began, according to Check Point.
Security researchers at the Israeli firm first encountered Gooligan’s code in the malicious SnapPea app last year. In August, the malware reappeared with a new variant and has since infected at least 13,000 devices per day. About 40 per cent of these devices are located in Asia and about 12 per cent are in Europe. Hundreds of the email addresses compromised by Gooligan are associated with enterprises around the world.
Check Point has passed on its findings on the campaign to Google’s security team. “This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” said Michael Shaulov, Check Point’s head of mobile products. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”
Gooligan spreads when victims download and install an infected app. Crooks are slinging the malware by tricking victims into following malicious links in phishing messages.
“If your account has been breached, a clean installation of an operating system on your mobile device is required,” Shaulov advised.
Gooligan Boosts Google Play Ratings
The authors of Gooligan could conceivably use it in a number of different ways, including accessing your private data. However, it appears they’re actually using Gooligan to game Google Play, downloading apps and leaving 5-star reviews in order to boost the ratings of those apps. The reason? Money, of course, as this process generates serious revenue.
Google is already on the case, with Android security engineer Adrian Ludwig explaining:
“We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall. These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.”