Android Gooligan: If you have an Android smartphone, you might want to check if it's broken. A new Android malware that has already breached over 1 million Google accounts and infects about 13.000 devices every day.
They called it Gooligan and can root on Android devices devices to steal the email addresses and authentication IDs that are stored.
With this information, attackers are able to violate your Google Account and access sensitive information from Google apps such as Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.
Researchers found traces of Gooligan's code in dozens of legitimate apps search Android apps found in third-party app stores. If you use any of these apps on your Android device, the malware starts sending the information inside it to the hacker's (C&C) server.
"Then Gooligan downloads a rootkit from the C&C server that can exploit many vulnerabilities in Android 4 and 5, including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153)," the researchers said.
"If the root is successful, the attacker has complete control of the device and can execute privileged commands remotely."
Σύμφωνα με τους ερευνητές ασφαλείας της CheckPoint, οι οποίοι αποκάλυψαν το κακόβουλο λογισμικό, κάθε χρήστης παλαιότερης έκδοσης του λειτουργικού συστήματος Android, (4.x Android Jelly Bean, KitKat και 5.x, Lollipop είναι σε κίνδυνο. Τα λειτουργικά αυτά υπάρχουν στο 74% των συσκευών με Android που βρίσκονται σε χρήση σήμερα.
"These exploits can hit many devices today, because the security patches that fix them may not be available for some versions of Android, or were not installed by the user," the researchers added.
Once he has violated any Android device, Gooligan starts generating revenue for hackers by buying applications from the Google Play Store and writing reviews on behalf of the phone owner. Malware also installs adware to generate extra revenue to hackers.
Google's official position on the issue, as we received from the company:
"We appreciate its contribution Check Point which we have worked with to understand and address such issues. It is worth emphasizing that as part of our ongoing effort to protect users from the "family" of malicious software Ghost Push, we have taken numerous measures and we are taking protective measures to improve security throughout our ecosystem Android. In particular, our actions include: the revocation of token Google Accounts of users whose devices have been infected, providing clear instructions to reconnect safely, disabling related applications from infected devices, ongoing development of verification applications, and ongoing improvements of SafetyNet to protect users from these applications in the future and our collaboration with ISPss) to eliminate this malware completely. "
Adrian Ludwig, Android Security Director
How to check if o account Has your Google account been hacked?
Check Point has published an online tool that will help you check if your Android device is infected with the Gooligan malware. Just open “Gooligan Checker” and enter your email address (Google) to find out if you have hacked.
If you find yourself contaminated by yourself, Adrian Ludwig, director of Google's Android security, recommends that you perform a clean installation of the operating system on your device.
Let's mention that with this tool Check Point will collect as many emails as it has never collected since it started operating…
https://gooligan.checkpoint.com/
