‘Gooligan’ malware breach is one of the ‘biggest ever’ to hit Google, Android
More than one million Google accounts have been infiltrated by malicious software that experts claim could attack 74 per cent of all Android phones on the planet.
The offending malware (software created to damage computer systems) was nicknamed “Gooligan” by computer security firm Check Point, which discovered the cyber weapon.
“Gooligan” had accessed 1.3 million Google accounts since August 2016 and continued to grow at a rate of 13,000 breaches a day, Check Point claimed. The firm judged the breach potentially the biggest single theft of Google accounts on record.
“The malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more,” Check Point wrote in a blog post.
Check Point created a website where Android users and Google Account holders could check if they have been attacked. The website also included instructions on how to fight the malware if your device had been breached.
“Gooligan” enters devices when Android users download apps from non-Google or Android authorised app stores.
It then forces the Google Account on your device to give fake reviews to apps and notch fake advertisement views.
These third-party app stores sell apps cheaper or sometimes make them available for free. All of this generates revenue for whoever is behind “Gooligan”.
University of New South Wales Dr Gideon Creech, a lecturer at the Australian Centre for Cyber Security, told The New Daily “Gooligan’s” magnitude was “scary”.
“‘Gooligan’s’ scale is significant across the internet, there are some scary stats in the Check Point report,” Dr Creech said.
Here’s how the ‘Gooligan’ malware works, according to Check Point. Photo: Check Point
“The malware’s impact is to generate revenue … it’s purely designed to simulate a user generating revenue.”
Any Android user running a Android 4 (KitKat, Jellybean) or 5 (Lollipop) operating system is at risk of being hit by “Hooligan”.
Check Point warned that 57 per cent of all breached accounts were from Asia (which included Australia).
Google working on a fix
In a statement posted to Google+, Google’s director of Android security Andrew Ludwig wrote that his team had been tracking this “family of malware” since 2014.
“We take these investigations very seriously and we wanted to share details about our findings and the actions we’ve taken so far,” Mr Ludwig wrote.
Google and Android users hit are potentially exposed. Photo: Getty
“We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall.”
The threat from “Gooligan” and its family of malware was being fought, but had not been neutralised, Mr Ludwig confirmed.
Dr Creech said it seemed Google had been doing its best to rectify the problem.
But he said because Android’s operating systems were fairly open, compared to Apple’s tightly-closed control over iOS and iPhones, there was a higher risk of such breaches.
“It doesn’t look like any personal information is being stolen at this stage, but that certainly is a risk.”