Check Point's security research team revealed that a new Android malware, dubbed Gooligan, has breached the security of more than a million Google accounts, and the number is increasing by 13,000 every day.
The malware roots infected devices and steals the authentication tokens stored on them. The hackers are then able to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.
Gooligan mostly affects devices running Android 4 and 5. The fake applications appeared legitimate; once an Android user downloads and installs one, the malware starts sending stolen data from the user’s device to its Command and Control (C&C) server.
Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits, including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153), the researchers report.
This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behaviour so that Gooligan can avoid detection. The module allows Gooligan to:
1) Steal a user’s Google email account and authentication token information.
2) Install apps from Google Play and rate them to raise their reputation.
3) Install adware to generate revenue.
Check Point has created an online tool, https://gooligan.checkpoint.com/, to check whether your Android device has been infected with the Gooligan virus. Open the “Gooligan Checker” and enter your Google email ID. If the device shows as infected, you are advised to have a certified technician or mobile service provider run a clean installation of the operating system on your Android device.