Biggest Google Account Theft Ever: Hostile Malware Hacked Over 1 Million Accounts; Bank Data, Personal Info At Risk
Intrusive software cloaked as genuine apps for Android tablets and smartphones has hacked more than a million Google accounts since August. The apps come with friendly, innocent-sounding names, like Wi-Fi Optimizer, RAM Cleaner and Battery Maximizer. The campaign is a new variant of Android malware named Gooligan.
Check Point Software reported that this malware is breaching the security of more than 1 million Google accounts, and counting. It burrows into Android devices and loots email addresses as well as authentication data stored on the device.
With the amount of data stolen, Gooligan hackers can easily get access to the user's data from Gmail, Google Photos, Google Docs, Google Drive, G Suite, and Google Play. In addition, the malware can take control of the device and install other apps and ad-spawning software without permission. Worst of all, it can use the user's username and password to hack bank accounts or post fake reviews and statuses.
The entire Gooligan campaign infects 13,000 devices a day and is the first ever to root over a million devices. Hundreds of email addresses associated with business accounts worldwide were discovered to be infected. Gooligan preys on devices running Android 4 (Jelly Bean and KitKat) and Android 5 (Lollipop), which account for 74 percent of Android devices in use today. Every day, this malware installs at least 30,000 apps on hacked devices, or more than 2 million apps since the campaign began.
Gooligan belongs to the Ghost Push family of malicious software. Last year, Google was able to track more than 40,000 Ghost Push apps. Ghost Push is an immense collection of PHAs, or Potentially Harmful Apps, that are classified as hostile downloaders. These apps are often downloaded outside Google Play and, upon installation, automatically download other apps. According to Adrian Ludwig of Google, the company's systems have to date detected and prevented the installation of over 150,000 types of Ghost Push.
Google claimed that it has already booted apps linked with Ghost Push from Google Play. To secure compromised Google accounts, the company has also disrupted the servers used by Gooligan's creators. As for users, the company advised them to keep their operating systems continuously updated. Gooligan thrives on Android devices that are not updated. Users who do not update their systems leave their devices vulnerable to attacks and exploits by this kind of malware.