Malware Alert: If you are using an Android Smartphone, then your personal data - Gmail, Google Photos, and Google Docs etc - is vulnerable to a new variant of Android malware called, 'Gooligan'.
Researchers at the Check PointR Software Technologies have revealed a new variant of Android malware, breaching the security of more than one million Google accounts and is currently spreading to 13,000 new users each day.
The Gooligan malware roots Android devices and steals email addresses and authentication tokens stored on them. With this information, attackers can access users' sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.
The infection begins when a user downloads and installs a Gooligan-infected app on an Android device, or by clicking on malicious links in phishing attack text messages. After attackers gain control over the device, they generate revenue by fraudulently installing apps from Google Play and rating them on behalf of the victim.
Gooligan targets devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which represent nearly 74
percent of Android devices in use today.
"This theft of over a million Google account details is very alarming and represents the next stage of cyber- attacks," said Michael Shaulov, Check Point's head of mobile products. "We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them."
"If your account has been breached, a clean installation of an operating system on your mobile device is required. For further assistance, you should contact your phone manufacturer or mobile service provider," added Shaulov.
Check Point's Mobile Research Team first encountered Gooligan's code in the malicious SnapPea app last year. In August 2016, the malware reappeared with a new variant and has since infected at least 13,000 devices per day. About 40 percent of these devices are located in Asia and about 12 percent are in Europe. Hundreds of the exposed email addresses are associated with enterprises around the world.
The report also states that every day Gooligan installs at least 30,000 apps on breached devices or over 2 million apps since the campaign began.
Check Point reached out to the Google security team.
"We appreciate Check Point's partnership...we've taken numerous steps to protect our users and improve the security of the Android ecosystem overall," said Adrian Ludwig, Google's director of Android security in response.
Google has contacted affected users and revoked their tokens; it has also removed apps associated with the Ghost Push family from Google Play, and added new protections to its Verify Apps technology.
Check Point is offering a free online tool that allows users to check if their account has been breached.