Malware takes control of more than one million Android devices

Malware takes control of more than one million Android devices


A new variant of malware on Google, named Gooligan, affects the security of more than one million Google accounts.

A new virus is raging on Android. Once installed, it manages to take control of the infected device, install applications independently and generate fraudulent income by evaluating it on behalf of the victim. The malware, known as Gooligan, collects Google email addresses and authentication tokens to access data stored on all Google services - Gmail, Google Photos, Google Docs, Google Play, Google Drive G Suite. Google nevertheless indicated in a blog post that it was not able to recover sensitive data.

According to Check Point, more than one million Google accounts are affected worldwide. This number is growing rapidly. 13,000 new devices running on Android 4 (Jelly Bean and KitKat) and 5 (Lollipop) are infected per day. 30,000 applications are installed daily without the agreement of the targeted people, or 2 million applications since the beginning of the campaign. The virus spreads when installing applications from third-party download platforms. The list of these applications is provided in the blog post of the company.

81.165 terminals are involved in Europe, representing 12% of the total number of infected devices. With 169 Android potentially affected, France is relatively untouched by the phenomenon. Cyberattack focuses primarily on Asia, the first continent affected before America (including the North and the South).

Les pays les plus infectés par Gooligan, selon Check Point.

The largest data theft to date

Check Point reports that this is the first infection to have affected more than one million devices. "This data theft of more than one million Google accounts is alarming and allows us to consider new forms of cyber attacks," said Michael Shaulov, head of mobile products at the company. "We are witnessing a turning point in the strategy of hackers, which now target mobile devices directly to obtain sensitive information stored there."

After the discovery of this campaign, Check Point reported the extent of the phenomenon to Google. The company responded by alerting holders of infected accounts by email and incorporating new layers of protection into its application verification tools. A page helps determine if an Android has been infected. Simply enter the Google email associated with your phone. Removing the virus requires installing a new operating system on your phone. Google passwords will need to be changed afterwards.

The attack revealed by Check Point, although particularly important, can be put into perspective. Several leaks of Google data initially considered major have proven to be of lesser severity in recent years. By 2014, only 2% of the 5 million passwords allegedly resold on the dark web were active accounts. Last May, more than 98% of a batch of 23 million stolen IDs were declared invalid by Google.

please share this if you like ;-)

Comments

Popular Posts