There’s a reason to make sure devices you or you administer have the latest software — the older the software the more likely hackers can find vulnerabilities. Proof of that was demonstrated this week when Check Point Software said it has discovered a new malware campaign that targets devices running Android 4 (Jelly Bean, KitKat) and 5 (Lollipop).
According to the security company these represent nearly 74 per cent of Android devices in use today. It figures over 1 million Google accounts have already been compromised.
The news is also another example of why vendors and carriers have to co-operate to ensure the latest patches for Android devices are made available as soon as possible, and why users have to be disciplined into only downloading Android apps from the Google Play store. Evidence of the malware, dubbed Gooligan, has been found in dozens of legitimate-looking apps on third-party Android app stores, said Check Point. Gooligan-infected apps can also be installed using phishing scams where attackers broadcast links to infected apps to unsuspecting users via SMS or other messaging services.
Apps infected include WiFi Enhancer, StopWatch, Perfect Cleaner, Memory Booster and others.
Gooligan roots Android devices and steals email addresses and authentication tokens stored on them. With this information, attackers can access users’ sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.
“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” Michael Shaulov, Check Point’s head of mobile products, said in a statement. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”
Check Point alerted Google before issuing the release. It said Google issued the following reply: “We appreciate Check Point’s partnership as we’ve worked together to understand and take action on these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
Google is contacting affected users, revoked their tokens, removed apps associated with the Ghost Push family from Google Play, and added new protections to its Verify Apps technology.
A new variant of the Android malware campaign found in the backup SnapPea app last year, Check Point says the campaign is infecting 13,000 devices a day, mainly in Asia although 19 per cent of infections are in the Americas.
Check Point has a free tool for detecting the malware. If an account has been breached, do the following:
–A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.” Then change the Google account passwords.