the researchers of the company specializing in cybersecurity Check Point Software Technologies have identified a new variant of Android Ghost Push malware called “ Gooligan “, guilty of infected up more than one million Google account to date around the world, about 13,000 each day.
The infection can occur in several ways, including through app downloads in turn infected by Gooligan or through the ‘ access to a malicious link added to ‘interior of a phishing scam.
The malware makes the root of the Android device then stealing the token authentication and e-mail addresses, and allowing hackers to get hold of sensitive data contained within the Google applications like Gmail , Photos, Docs, Google Play, and G Drive Suite. By Gooligan, the hackers install illegally some paid applications on the Google Play, making them pay the unfortunate victim. Consider that the malware installs on average 30,000 applications every day thus generating illegal revenue of major proportions.
“This theft of more than one million by the Google Account information is disturbing, and represents the next step of cyber attacks,” explained Michael Shaulov head of the mobile products Check Point. “We noticed that hackers are changing strategy, and now are targeting mobile devices, so to appropriate the stored sensitive data.”
The infection risk in those devices are equipped with operating system versions Android 4 Jelly Bean and KitKat and Lollipop 5 corresponding to approximately 74% of existing smartphone and tablet.
Google has been notified of the fact, commenting that is ongoing in-depth analysis to try to find a solution as soon as possible. Meanwhile, Google revoked the token of affected users removed the affected apps from the store and introduced new defensive barriers within the App Verify technology.
E ‘was SnapPea the first app malevolent identified last year by Check Point, even if the malware was able to recur several times in the new variants, making it difficult eradication. 57% of the affected devices are in Asia, and only 9% in Europe .
E ‘available online any tool to check if the account through which you have enabled the Android device has been infected. If so, Check Point invites you to re-install the operating system.
“If there has been a violation of your account, you’ll have to install a clean operating system on the device. This complex process is called flashing, and we recommend turning off your device and contact a certified technician, or the provider of your service, to back them re-flashing, “concluded Shaulov.
The list of infected apps so far identified is available at this link .