Fresh off the heels of the infamous ‘Stagefright’ malware that took the Android ecosystem by storm, comes a new malware. Only this malware’s goal isn’t to infect your phone. According to Google, the malware isn’t accessing any personal emails or data. The main goal of the so-called ‘Gooligan’ virus, is to force Android users to download apps as part of a massive fraudulent advertising scheme. Forbes reports the creators of Goolgian making almost $320,000 a month.
How this works is that he malware infects a device after a user downloads and installs a “Gooligan”-infected app on third-party app stores or the Google Play Store. Once the infected app is installed, it sends data about the device to the malware’s main server and downloads a rootkit, which enables the attacker to gain control of the mobile device. They utilize various common rootkits such as VRoot or Towelroot.
Many reports state that Asia is the main source for the malware infection aimed at Android operating systems, with the majority of the million Google accounts breached since August located there, researchers said. Around 57 percent of the affected devices are found in Asia, while 9 percent are in Europe. Another 15 percent of breached devices are in Africa and 19 percent are in the Americas.
“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” Michael Shaulov, Check Point’s head of mobile products said.
Checking if you Have it
From the Indian Express
Check Point has a website created called (https) gooligan.checkpoint.com where users can enter their Gmail address and check if it was breached. For those whose accounts were breached, Check Point recommends flashing your phone, and a reinstallation of the OS on the mobile device. It is best to get this done at an authorised service centre and it is also recommended that users change their Google account password after doing so.