More than 1M Android devices infected with new malware

Valar Dohaeris

A new malicious software campaign has been detected on more than 1 million Android devices, a cybersecurity firm reported Wednesday.

An average of 13,000 new devices per day are compromised globally, according to Check Point.

The malware first appeared in August and was dubbed Gooligan, a combination of hooligan and Google.

Check Point, which discovered the malware, said the program targets vulnerabilities in Android operating systems, specifically, devices running on Android 4 and Android 5, including the point releases Jelly Bean, KitKat and Lollipop.

Gooligan then spreads through apps downloaded from third-party app stores, i.e. not the official Google Play app store. The apps boast legitimate sounding titles and range in purpose, from mobile games named Slots Mania to the curiously named Kiss Browser.

Once a device is infected, hackers can access a user's data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other apps.

The third-party app stores are most popular in Asia, and Check Point noted that the continent is home to 57 percent of devices infected with Gooligan. Another 19 percent of infected devices are in the Americas, 15 percent in Africa and 9 percent are in Europe.

Check Point offers a free service for Android users to check if a device is infected with Gooligan.

“Gooligan has breached over a million Google accounts,” the firm noted in its report. “We believe that it is the largest Google account breach to date, and we are working with Google to continue the investigation. We encourage Android users to validate whether their accounts have been breached.”

While Gooligan infects more devices each day, Google and Check Point are working on a fix for the malware. Check Point believes it is a new and pernicious variant of an older family of malware called Ghost Push.

“As part of our ongoing efforts to protect users from the Ghost Push family of malware, we've taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” Adrian Ludwig, Google's director of Android security, said in a statement.
 
It's very important to check all the points mentioned above before using Android.
 
Android Malware ‘Gooligan’ Could Compromise 1 Billion Accounts
http://technoaisle.com/android-malware-gooligan-compromise-1-billion-accounts/


App-installing malware found in over 1 million Android phones
http://www.theverge.com/2016/11/30/13792846/googlian-android-malware-install-app-security

A new malware campaign has been discovered in over 1 million Android devices, according to a new report from the security firm Check Point. Dubbed “Googlian” by the firm, the campaign first emerged in August, and is currently compromising devices at a rate of roughly 13,000 per day.

The malware targets vulnerabilities in Android versions 4, 5, and 6 (Jelly Bean, Kit Kat, and Marshmallow), and spreads through seemingly legitimate apps in third-party app stores. More than half the infections are in Asia, where third-party app stores are particularly popular.

A full list of infected apps is included at the bottom of Check Point’s report, which ranges from simple games like “Slots Mania” to a more suspicious app called “Sex Photo.”

The malware takes advantage of two known vulnerabilities in the Linux kernel, allowing it to take control of a user’s device once a malicious app has been installed. From there, the malware compromises the device’s Google authorization token, giving it broader access to the user’s Google account including Gmail, Drive, and Photos.

According to Google, the malware isn’t accessing any personal emails or files. When the Android Security team scanned the affected accounts, it found no evidence of the malware accessing data or otherwise using the token for fraud. There was also no evidence of the malware targeting any particular people or organizations.

Instead, the malware authors seem to be using their powers to game the Google Play app rankings. Instead of downloading inboxes or Drive accounts, the malware installs non-malicious apps from the Google Play Store, leaving five-star rankings for each app. With over a million devices in on the scheme, the result is a huge boost in the Play Store rankings for the targeted app, potentially worth far more than a stolen credit card.

It’s not the first time online criminals have used malware to boost an app’s ranking. Last year, a family of apps called Brain Test tried a similar tactic, only to be removed by Google after the scheme was made public. Google actively scans for potentially harmful apps in the Play Store, but since the apps being boosted aren’t malicious, they’re able to evade the scans.

You can check if your device has been infected by using a tool built by Check Point. If there’s evidence of an infection, reinstalling the system software will completely remove it.

Typically, malware campaigns can be stopped by a quickly deployed software fix — but in Googlian’s case, that fix has already been sent out. The two exploited vulnerabilities date back to 2014 and 2013, respectively, and both have already been patched by Google. Any devices running a version of Android released in the past year are already protected. Unfortunately, because of Android’s fragmented ecosystem, that only covers a quarter of Android devices overall, leaving the vast majority of devices vulnerable to the attack.
 