Gooligan Android malware breached 1 million users
FYI Android users: if you use an Android smartphone, you have to read this article, courtesy of HelpNetSecurity.com. I actually read it first on the CNN website and again today.
Check Point security researchers have revealed a new variant of Android malware, breaching the security of more than one million Google accounts.
Key findings
- The campaign infects 13,000 devices each day and is the first to root over a million devices.
- Hundreds of email addresses are associated with enterprise accounts worldwide.
- Gooligan targets devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which represent nearly 74% of Android devices in use today.
- After attackers gain control over the device, they generate revenue by fraudulently installing apps from Google Play and rating them on behalf of the victim.
- Every day Gooligan installs at least 30,000 apps on breached devices, or over 2 million apps since the campaign began.
Check Point reached out to the Google security team immediately with information on this campaign. “As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” stated Adrian Ludwig, Google’s director of Android security.
Among other actions, Google has contacted affected users and revoked their tokens, removed apps associated with the Ghost Push family from Google Play, and added new protections to its Verify Apps technology.
Check Point’s Mobile Research Team first encountered Gooligan’s code in the malicious SnapPea app last year. In August 2016, the malware reappeared with a new variant and has since infected at least 13,000 devices per day. The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device, or clicks on malicious links in phishing attack messages.
Source: HelpNetSecurity.com
I hate visiting the CNN.com website due to the auto-loading of videos; it’s annoying. Anyway, I gathered some useful information for you to know. Here it is.
According to Check Point, here’s the list of potentially infected apps:
- Perfect Cleaner
- Demo
- WiFi Enhancer
- Snake
- gla.pev.zvh
- Html5 Games
- Demm
- memory booster
- แข่งรถสุดโหด
- StopWatch
- Clear
- ballSmove_004
- Flashlight Free
- memory booste
- Touch Beauty
- Demoad
- Small Blue Point
- Battery Monitor
- 清理大师
- UC Mini
- Shadow Crush
- Sex Photo
- 小白点
- tub.ajy.ics
- Hip Good
- Memory Booster
- phone booster
- SettingService
- Wifi Master
- Fruit Slots
- System Booster
- Dircet Browser
- FUNNY DROPS
- Puzzle Bubble-Pet Paradise
- GPS
- Light Browser
- Clean Master
- YouTube Downloader
- KXService
- Best Wallpapers
- Smart Touch
- Light Advanced
- SmartFolder
- youtubeplayer
- Beautiful Alarm
- PronClub
- Detecting instrument
- Calculator
- GPS Speed
- Fast Cleaner
- Blue Point
- CakeSweety
- Pedometer
- Compass Lite
- Fingerprint unlock
- PornClub
- com.browser.provider
- Assistive Touch
- Sex Cademy
- OneKeyLock
- Wifi Speed Pro
- Minibooster
- com.so.itouch
- com.fabullacop.loudcallernameringtone
- Kiss Browser
- Weather
- Chrono Marker
- Slots Mania
- Multifunction Flashlight
- So Hot
- HotH5Games
- Swamm Browser
- Billiards
- TcashDemo
- Sexy hot wallpaper
- Wifi Accelerate
- Simple Calculator
- Daily Racing
- Talking Tom 3
- com.example.ddeo
- Test
- Hot Photo
- QPlay
- Virtual
- Music Cloud
Wow, that’s a lot of malicious apps at Google 🙁
Check Point actually set up a website for you to check if your devices have been hacked. Visit the Gooligan.CheckPoint.com website, then enter your Google email address and wait for the response.
I tried my email address, and this is my result.
You may notice there is an advertisement from Zone Alarm. This is an option for you to purchase.
And if you’re BREACHED, seek a professional computer geek’s help to assist you in cleaning up your device.
Be safe out there.