Android smartphone manufacturers aren’t the best at updating smartphones to the latest software from Google — that means older devices are more susceptible to attacks thanks to public vulnerabilities that haven’t been patched. Chances are your Android phone is running an older version and unfortunately, there is a malware campaign affecting more than 1 million Google accounts.
Security firm Check Point released information about malware dubbed “Gooligan,” which can steal your Gmail account and authentication information, install apps from Google Play, rate them without your consent, and install adware. The latter two are used to improve app store ratings and “generate revenue.”
The malware only infects devices when a user downloads and installs a “Gooligan-infected app” on a vulnerable Android device via a third-party app store or from malicious links — you’re fine if you only download from the Google Play Store and are using a newer Android device running
“After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server,” the research team writes in a blog post. “Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits … These exploits still plague many devices today because security patches that fix them may not be available for some versions of
Unfortunately, nearly 74 percent of Android devices run
Adrian Ludwig, director of Android security at Google, said his team has been tracking a family of malware called “Ghost Push” since 2014. Ghost Push is a collection of potentially harmful apps (PHAs) that are “most often downloaded outside of Google Play.”
“After they are installed, Ghost Push apps try to download other apps. For over two years, we’ve used Verify Apps to notify users before they install one of these PHAs and let them know if they’ve been affected by this family of malware.”
Verify Apps is an Android feature that scans devices for security threats, and Google said it found more than 40,000 apps associated with the malware in 2015. Now, the company says
As the motivation for Ghost Push apps is to promote apps and generate revenue, Ludwig says Google has found no evidence that user data has been accessed. There is also no evidence that a specific group of users or businesses were targeted. Google says it has improved the Verify Apps feature to protect users from these apps in the future — even if you try to install an infected app, your device will notify you and stop the installation. The search giant is also continually removing apps associated with the Ghost Push family on Google Play, as well as apps that have “benefitted from installs delivered by Ghost Push to reduce the incentive for this type of abuse.”
Google urges users to download apps from the Google Play Store so as to reduce the threat of installing a malicious app. For those accounts that have been compromised, Google has contacted users and revoked authentication tokens so that they can securely sign back in.
If you’re worried your account may be compromised, Check Point has a handy tool that lets you check. Just type in your email and hit “check” and the website will tell you if your account is safe or not.