New Android Malware 'Gooligan' Has Breached Over 1 Million Accounts

13,000 new devices are affected every day.

01/12/2016 11:48 | Updated 01 December 2016

Android smartphones have fallen victim to a powerful new piece of malware called ‘Gooligan’, with over a million devices believed to have been breached already.

What makes this particular virus so dangerous is both the fact that it’s growing fast (13,000 new devices every single day) and that it can give hackers complete access to your Google account.

That includes your email, photos, text messages and the entire contents of your Google Drive folders.

The malware was discovered by security experts Check Point, and the company has confirmed that it is already working closely with Google to try to stop the virus as soon as possible.

The majority of handsets affected are in Asia, but thanks to the speed at which it’s growing there are concerns that it will spread to other regions.

Dave Palmer, Director of Technology at Darktrace, said, “Time and again we see that devices and operating systems we hope are secure, are demonstrated not to be. As shown by this latest Google malware attack, criminals can undermine security controls and trick consumers to gain access to their data.”

“Although this incident is focused on older phones, in the last few weeks we have seen major issues with the latest operating systems too, making us question whether our devices are getting any safer.” 

How does it infect your phone?

In the vast majority of cases, the researchers found that users had tried to download apps through a third-party app store.

This would be an alternative to the Google Play store that still offers what appear to be legitimately approved Android apps. The virus is then hidden within some of these apps and silently installed on the phone along with the app.

What does it do?

Once on the smartphone, the virus downloads a new rootkit which in effect gives the hacker access to the phone’s Google account.

As well as providing access to everything associated with the Google account, it also gives the hacker the ability to post fake reviews on apps, artificially raising their reputation.

Finally, the researchers have also seen instances where the hackers have downloaded adware onto the device, which can then generate illegal revenue.

How can you protect yourself?

The virus only affects smartphones running Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), so the best advice at the moment is to update your phone to the latest possible version.

Another easy way to protect yourself is to only download apps from Google Play directly. Also make sure that you only download apps from companies and brands that you know well and trust, e.g. Netflix, BBC iPlayer, Prism etc.

How to install a password manager:

  • 1Password
    1Password is the 'Swiss army knife' of the group. It'll run on almost anything. It's also one of the easiest to use, thanks to an ultra-simple interface. Rather than using autofill, 1Password uses extensions in Chrome, Firefox and Safari, which give you quick and easy access to your vault on any of your computers. The iPhone app uses Touch ID. This is a great all-rounder for the single user who just wants a complete solution. Price: $49.99 (Single license)
  • Dashlane
    Dashlane is the team player out of the three options here. Offering a similar user interface to 1Password, Dashlane is simple to use and powerful to boot. If you run a small business, or even a big one, then this could be the service for you. With variable sharing options you can send passwords to colleagues who also have Dashlane while keeping the password secure even from them. All they have to do is accept, and the app will log them in to the service without them ever having to see the login credentials. It'll work on iOS, Android, Mac and Windows. Price: $39.99 per year.
  • LastPass
    LastPass may be last on the list but it's definitely not the least. This is the veteran password manager and as such has the most features. It'll run on every platform and through every site. It's also customisable to a professional degree, with support for biometrics and almost any other authenticating technology you can think of. It may be a little more complex to use, but once it's set up LastPass is arguably the most flexible in terms of creating a service that you want. Price: $12 per year