December 1st, 2016
What's the issue?
Android malware called Gooligan is the cause of the latest breach of over one million Google Accounts. The malware was first reported by Check Point Software Technologies, whose security research team also found that it continues to infect 13,000 Android devices every day.
How does it happen?
The Gooligan malware can infect a vulnerable device if the user clicks on a malicious link in a phishing message or downloads an infected third-party app. The vulnerable devices include Android devices running OS version 4 (Jelly Bean and KitKat) and version 5 (Lollipop).
Once a device is infected, the criminals root it to gain complete access and control, allowing them to steal the user's Google Account tokens. The token allows access to all Google products such as Google Docs, Google Photos, Google Drive, and Gmail. The Director of Android Security, Adrian Ludwig, who has confirmed this Gooligan breach, revealed that there is no evidence of fraudulent activity among the affected Google Accounts as of the last report. Check Point's investigation discovered that the criminals are accessing breached Google Accounts to install apps from Google Play on the devices without the user knowing. Ad services then pay the criminals for these fraudulent app downloads.
What should I do?
- If you have a Google Account, you should change your password to a strong password of 14 or more characters with a combination of letters, numbers and symbols
- Check your Android device for any apps you did not install and delete them; also run antivirus to remove any threats
- In some cases a re-flash of your Android device by a certified technician or your service provider may be required to completely remove the threat
- Update your Android device to the latest OS
- Be careful of the links you click on; only open links or attachments from people you are expecting them from
- Avoid downloading apps outside of Google Play