Do you ever install “untrusted” software from third-party developers on your Android devices? Researchers at Check Point Software Technologies have recently released details on a new piece of Android malware called Gooligan. As of today, Gooligan has compromised more than 1 million Google Accounts and that total is growing daily by roughly 13,000 accounts, as individuals continue to download infected applications.
Check Point has traced Gooligan back to an application named “SnapPea”. Last year “SnapPea” was identified as malware, but the presence of the infection must have not been widely known by users of Android devices. Unfortunately, the technology firm has now linked Gooligan to dozens of other legitimate looking third-party applications.
Once the applications are loaded onto a device (by allowing the installation of untrusted applications) it installs Gooligan, which then gains access to your entire Google account (Google Docs, Google Drive, Good Photos, Gmail, and Google Play). Check Point also states that Gooligan can be installed through phishing attacks via email, text or other messaging service. The body of these communications also look like they are coming from a legitimate source, so they can be hard to detect.
Unfortunately, attackers get more than private data with Gooligan. They can actually turn your Android device into a money-making machine. The attackers will first steal your account and authentication token information. Then they will use your credentials to install adware that ends up generating revenue. Check Point has stated that this is “the largest Google Account breach to date” and has advised that Google has been notified.
We suggest a few ways to protect yourself from Gooligan. First, you should not install any untrusted applications on your Android devices. Checking that simple “untrusted” box in your device to install a third-party application can have major impacts on the security of your mobile devices. Only download applications from the Google Play Store. Second, you should keep an eye on the “From” section in your email headers, text and other messaging applications. Lastly, but most important, is to head over to Check Point’s web site. The company have developed an online tool to check if your Google Account has been breached. Once on the site, all you have to do is enter your email and hit check.
Check Point’s Gooligan Online Tool