A security firm released a report about the Android malware called Gooligan that has compromised over one million devices. The malware targets user’s Google account and gain access to it.
Check Point, an IT security firm, has discovered that over one million Android users were hacked through the Gooligan malware. The malware is compromising Android devices at a rate of 13,000 per day without user’s idea that his device was infected.
According to The Verge, Gooligan targets Android Jelly Bean, Kit Kat and the Marshmallow operating system. It targets the weak spot of Linux kernel and compromising Google authorization token which leads to access Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and a lot more.
An Android device will be infected with Gooligan malware if the user has installed a legitimate-looking application on the device. Once installed, the malware then sends data of the user’s device to the Command and Control server.
According to Check Point, Gooligan malware downloads rootkits to gain root access on user’s device. It then downloads a module that injects itself on Google Play or Google Mobile Service. This module allows the malware to steal user’s Google account information, install adware for revenues and install Google Play apps without the user’s knowledge.
However, Google has denied the claims of Check Point that the Gooligan malware had access to affected Google accounts. According to Google, there is no evidence that malware had gained access to data and use token fraud. Instead, the malware install apps from Google Play Store and leaving automatic five-star rates for each app that it intended to boost rankings in Play Store.
Meanwhile, to be sure that the user’s account is not breached, Check Point built a tool to check user’s Gmail account. If the user’s account is infected with Gooligan malware, Android owners are advice to reinstall their device’s system software.