1 million Google accounts compromised thanks to Gooligan malware
Security firm Check Point Software Technologies has discovered new Android-based malware that has been dubbed 'Gooligan'.
Gooligan has been found in at least 86 apps available in third-party marketplaces. Once installed, the malware uses rooting techniques to gain high-level system access to Android devices running Android version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and version 5 (Lollipop).
The Gooligan malware uses these root vulnerabilities to obtain Google account names and authentication tokens. Once obtained, these allow the perpetrators to install various malicious apps onto the victim's devices using a technique known as 'Ghost Push'.
Ghost Push, as outlined by Adrian Ludwig, Google's lead engineer for Android security, has been tackled by Google since 2014.
Ludwig recently detailed Google's fight against Ghost Push in a Google+ blog post in which he states, "Since 2014, the Android security team has been tracking a family of malware called 'Ghost Push,' a vast collection of 'Potentially Harmful Apps' (PHAs) that generally fall into the category of 'hostile downloaders.'
These apps are most often downloaded outside of Google Play and after they are installed, Ghost Push apps try to download other apps. For over two years, we’ve used Verify Apps to notify users before they install one of these PHAs and let them know if they’ve been affected by this family of malware."
Ludwig also stated that Google has been 'strengthening Android ecosystem security' by making use of Verify Apps, a system designed to notify a smartphone user of any app installations on their device and to require that the user approve the installation.
Newer versions of the Android OS already include security patches for the underlying exploits.
How can I find out if I've been affected?
According to Check Point Software Technologies, 57 per cent of accounts that have been compromised are of Asian origin, followed by the Americas with 19 per cent, Africa with 15 per cent and Europe with 9 per cent.
To help combat this, Check Point has set up a website where you can check to see if your Google account has been affected by the malware: https://gooligan.checkpoint.com/.
Google has stated that it's reaching out to anyone who may have been hit.