According to researchers, one million users' Google accounts have been breached by new Android malware.
The malware, dubbed Gooligan, targets the Android OS, and Asia has been a thriving ground for it. Most of the million accounts breached since August this year are located in Asia, according to researchers. Google, however, did not respond when asked to comment on the attacks.
How it Works
The malware infects mobile phones and other devices that run the Android OS and steals information from the user's Gmail account, Google Photos, Google Docs, Google Play, Google Drive and G Suite, according to researchers at Check Point Software Technologies. The attackers can generate revenue by installing applications from Google Play on the infected phones.
Third Party Apps
Gooligan infects a device when the user downloads or installs a Gooligan-infected app from a third-party app store. The infection can also reach a phone when the user taps a malicious link in a phishing attack. Once the infected app has been installed, the phone's data is sent to the malware's main server and a rootkit is downloaded, giving attackers full control of the user's mobile device.
Shift in Strategy
According to Michael Shaulov, the mobile product head at Check Point, the theft of these Google accounts is being conducted on a large scale and represents the latest stage of cyber attacks on mobile devices. The hackers are shifting to a new strategy and attacking mobile phones to get at the sensitive information users store on them.
Centered in Asia
Most of the attacked phones are in Asia, which accounts for about 57% of the affected devices. 19% of the devices are in America, 15% are in Africa and 9% are in Europe.
Older Version of OS
According to Steve McWhirter, the VP of Check Point Software Technologies for Asia, the Middle East and Africa, the malware seems to occur more on older versions of the Android OS, that is, versions 4 and 5. According to some sources, these older versions are more prevalent in Asia than elsewhere.
The malware targets mobile phones that run earlier Android versions, such as 4.1 Jelly Bean, 4.4 KitKat and 5.0 Lollipop. Together, these versions account for about 74% of the Android phones on the market.
Users of Android devices who suspect that their devices have been infected by the malware can have them flashed. Service providers or certified technicians can carry out the flashing procedure, according to Check Point Software Technologies. However, they add that users must change the passwords on their Google accounts immediately after the flashing is done.