Android Malware Gooligan Said to Have Hijacked Over 1 Million Google Accounts

The Trojan is said to root smartphones and copy authentication tokens from Google accounts. An online service lets you check whether your account is affected.

Unknown attackers are said to be smuggling apps infected with the newly discovered malware Gooligan into third-party app stores. Anyone who installs such a prepared app on an Android smartphone opens the door wide to the attackers, security researchers at Check Point warn.

In addition, infected apps are said to spread via drive-by downloads. The attackers reportedly compromise 13,000 devices every day through these routes, the security researchers state. So far, most incidents, 57 percent, have occurred in Asia. Check Point reports nine percent of the incidents for Europe.

Gooligan is said to be able to root smartphones running versions 4 (Jelly Bean, KitKat) and 5 (Lollipop) of the Android operating system. To make this work, Gooligan exploits two vulnerabilities (CVE-2013-6282 and CVE-2014-3153), Check Point explains. In their report, the researchers show an excerpt of the infected apps.

Encrypted sandbox circumvented

If the attack succeeds, the attackers can do whatever they want with the devices: root access gives them central authority over the smartphone. Rooting Android devices by means of malware apps is not new, but this is the first time Google accounts have been hijacked this way. Accounts of some government agencies are among them.

Android locks the authentication token for the Google account, encrypted, inside a sandbox. With root privileges, however, everything becomes transparent and Gooligan can extract a readable token. Whoever holds it can access the associated Google account and all Google services, and thereby also bypasses two-factor authentication, Check Point explains.

Tokens now revoked

Google gives assurances that it has notified affected users. In addition, the stolen authentication tokens are said to be no longer valid.

Anyone who fears for their Google account can check on a service web page whether the account has been compromised. If that is the case, you should change your password quickly, completely reset the infected smartphone and reflash it.

Infections since summer 2016

According to their own data, the security researchers have been observing sharply rising infection rates since August of this year. To finance the malware campaign, Gooligan is said to click on legitimate advertising in the background and install the advertised apps on the devices. The people behind the campaign collect a commission for this. So far, this is said to have happened up to two million times.