A new Android malware, called "Gooligan", is responsible for what’s believed to be the biggest theft of Google accounts on record. The strain has infected as many as 1.3 million Android phones since August. This latest hack has compromised devices stealing the tokens users are given to verify they are authorized to access accounts.
But it looks like it's main goal is not to pilfer all the juicy Google data, rather it's looking to force users into downloading apps as part of a huge advertising fraud scheme, making as much as $320,000 a month.
According to researchers at Check Point, it's spreading at an alarming rate - racking up an average of 13,000 new infections every day. Once downloaded, Gooligan determines which Android phone it’s infected and launches the appropriate exploits to take complete control of it. To do that, the attackers have used long-known vulnerabilities on devices running Android 4 through 5, including Jelly Bean, KitKat and Lollipop. Together, those operating systems account for 74 per cent of Android devices in use today, totalling around 1.03 billion.
Once Gooligan has control of the phone, the victim’s Google account token is siphoned off to a remote server and could be used to gain access to their Gmail, Docs, Drive, Photos and other data, even where two-factor authentication is turned on. Check Point’s researchers were able to trace that server, uncovering a stash of 1.3 million real Google accounts.
To avoid infecting your device, you should only download apps from the official Google Play store. You can go to this site that Check Point has built to see if your Google account was breached. If your phone is infected, things get a little more difficult. Check Point recommends wiping out your phone and re-installing a clean operating system. This is complicated, so it's best to turn off your device and get professional help. And then once your phone has been fixed by a pro, make sure you change all of your Google passwords.
On a related note, if you'd like to see how your company's security precautions stack up, please download our free Cyber Security Report Card and evaluate how you're doing.