Learn how to clean a phone and check your account for signs of hacks using tools provided by Google and Check Point

Nov 30, 2016 17:33 GMT  ·  By

Security experts at Check Point have discovered a new, very aggressive form of Android malware that has already compromised no fewer than 1 million Google accounts and can infect approximately 74 percent of the Android phones currently on the market.

The firm warns that the malware, which it calls Gooligan, is injected into a total of 86 Android apps that are delivered through third-party marketplaces (you can check the full list of apps in the box at the end of the article). Once installed, these apps root the phone to get full access to the device and then attempt to deploy malicious software that can be used to steal authentication tokens for Google accounts.

This pretty much gives the attackers full control over the targeted Google accounts, and as long as vulnerable phones have Gmail, Google Drive, Google Chrome, YouTube, Google Photos, or any other Google app that can be used with an account, there’s a big chance that the attack will succeed.

The security experts explain that the malware can infect devices running Android version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and version 5 (Lollipop), which according to Google’s own stats power no less than 74 percent of the Android phones currently on the market.

Gooligan is based on a previous form of malware known as Ghost Push, spotted in the fall of 2015, but this new series of attacks is significantly more aggressive and uses many more apps to target devices. Approximately 1 million accounts have already been compromised, the security experts warn.

Google already fighting the malware

In a post on Google+ (paradoxically, the malware also attempts to steal the authentication token of Google+), Android security engineer Adrian Ludwig points out that Google is already aware of Gooligan and is working on several tools that could help protect users.

Ludwig explains that the company has already revoked the Google Account tokens from the affected devices and is now providing instructions for users to sign back in. At the same time, it’s also trying to take down the malware by working with the ISPs that provided the servers used to host and control Gooligan.

Additionally, all apps that are in any way related to the malware have already been removed from Google Play, but because they are spread via third-party app stores anyway, the risk remains.

And last but not least, Google and Check Point have launched tools that can help users find out whether their device is infected, and you can read about them below.

How to check if your phone was infected

First and foremost, if you want to find out whether your Google account was compromised by the malware, you can head over to the Gooligan Checker, where you can provide your email address for a quick scan. This service was created by Check Point and is totally legit.

Additionally, Google says that it has already updated the feature called Verify Apps to block users from installing infected apps. “Even if a user tries to install an offending app from outside of Play, Verify Apps has been updated to notify them and stop these installations,” the firm says.

Finally, have a look at the list below to see all the apps that are said to be infected with Gooligan. If you’ve already installed one of them and your account was compromised, the only way to recover is to change your Google Account password and reflash a clean version of Android on your phone.
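For a device you can connect over adb, the two risk factors the article names (Android 4 or 5, and apps that came from outside Google Play) can be triaged from the output of `adb shell getprop ro.build.version.release`, `adb shell pm list packages -i` and `adb shell pm list packages -s`. The script below is an added example, not a tool from Check Point or Google; the sample output and package names are constructed, and a non-Play installer is treated only as a reason to review an app, not as proof of infection.

```python
import re

PLAY_INSTALLER = "com.android.vending"   # package name of the Google Play Store
AFFECTED_MAJOR = {4, 5}                  # Android versions the article names

# Constructed sample output, not captured from a real device.
SAMPLE_RELEASE = "5.1.1\n"               # getprop ro.build.version.release
SAMPLE_PACKAGES = """\
package:com.google.android.gm  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.wifiboost  installer=com.example.altmarket
package:com.android.settings  installer=null
"""                                      # pm list packages -i
SAMPLE_SYSTEM = "package:com.android.settings\n"   # pm list packages -s

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def in_affected_range(release):
    """True if the Android release string is a 4.x or 5.x version."""
    m = re.match(r"\s*(\d+)", release)
    return bool(m) and int(m.group(1)) in AFFECTED_MAJOR


def non_play_packages(pm_output, system_output=""):
    """Return (package, installer) pairs not installed by Google Play.

    Preinstalled system packages also report installer=null, so they are
    excluded using the separate system-package listing.
    """
    system = {line.strip()[len("package:"):]
              for line in system_output.splitlines()
              if line.startswith("package:")}
    flagged = []
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # skip blank or unexpected lines
        pkg, installer = m.groups()
        if pkg in system or installer == PLAY_INSTALLER:
            continue
        flagged.append((pkg, installer))
    return sorted(flagged)


if __name__ == "__main__":
    print("affected Android version:", in_affected_range(SAMPLE_RELEASE))
    for pkg, installer in non_play_packages(SAMPLE_PACKAGES, SAMPLE_SYSTEM):
        print("review:", pkg, "installed by", installer)
```

Packages it flags should then be compared by hand with the infected-app list the article refers to.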

Gooligan Infected Apps