Security experts at Check Point have discovered a new, very aggressive form of Android malware that has already compromised no less than 1 million Google accounts and can infect approximately 74 percent of the Android phones currently on the market.
The firm warns that the malware, which it calls Gooligan, is injected into a total of 86 Android apps that are delivered through third-party marketplaces (you can check the full list of apps in the box at the end of the article). Once installed, these apps root the phone to get full access to the device and then attempt to deploy malicious software that can be used to steal authentication tokens for Google accounts.
This pretty much gives the attackers full control over the targeted Google accounts, and as long as vulnerable phones have Gmail, Google Drive, Google Chrome, YouTube, Google Photos, or any other Google app that can be used with an account, there’s a big chance that the attack is successful.
The security experts explain that the malware can infect devices running Android version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and version 5 (Lollipop), which, according to Google’s own stats, power no less than 74 percent of the Android phones currently on the market.
Gooligan is based on a previous form of malware known as Ghost Push, which was spotted in the fall of 2015, but this new series of attacks is significantly more aggressive and uses many more apps to target devices. Approximately 1 million accounts have already been compromised, the security experts warn.
In a post on Google+ (paradoxically, the malware also attempts to steal the authentication token of Google+), Android security engineer Adrian Ludwig points out that Google is already aware of Gooligan and is working on several tools that could help protect users.