Google’s Android has been facing public ire for its security vulnerabilities, and it looks like that is bound to continue for some more time. Now, security researchers from Check Point Software Technologies have found a new malware family, which they call Gooligan (probably inspired by hooligans), that has compromised about 1 million accounts.
How does Gooligan work?
It is found in at least 86 apps that are available in third-party marketplaces. Once installed, it uses a rooting process to gain privileged access to your system. It is said to affect devices running Android version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and also version 5 (Lollipop). It should be noted that the vulnerable versions account for 74 percent of users.
The rooted devices then download and install software that steals authentication tokens, giving it access to the device owner’s Google-related accounts without the need to enter the password. These tokens work on several Google products, including Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite.
A Google authorisation token, issued by Google, is a way to access a user's Google account and its related services. Once a hacker steals this token, they can use it to access all your Google services.
Devices infected region-wise
Gooligan has been infecting 13,000 devices each day, and is probably the first to root over one million devices. Email addresses linked to enterprises have also fallen victim to the malware. Of all the devices infected, 57 percent are in Asia.
How to find out if your device is infected
Those who have been downloading apps from sources other than the official Play Store and want to check whether their account is compromised can do so at this checkpoint.
Check this list of apps; if you have downloaded any one of these, then your device is infected.
Yes, my device is infected. Now what?
Check Point's report lists two things that you would have to do. Firstly, perform a clean installation of the operating system on your mobile device via a process called “flashing”. This is a complex process, and it is recommended that users power off their device and approach a certified technician or mobile service provider. Secondly, change your Google account passwords as soon as possible.
It is also recommended that you do not download Android apps from stores other than the official Google store.