Gooligan malware compromises more than one million Google Accounts

Attacking versions 4 and 5 of Android, Gooligan takes control of smartphones and tablets to hack user accounts and install apps from the Play Store. The goal: fraudulent promotion of apps.

Researchers at security company Check Point Software Technologies have revealed the existence of new malware that attacks Android devices. Called Gooligan, it affects versions 4 (Ice Cream Sandwich, Jelly Bean and KitKat) and 5 (Lollipop) of Google's operating system, about 74% of the Android devices on the market, and manages to obtain elevated privileges by unlocking the device (the rooting technique).

Once the smartphone or tablet is infected, the hacker remotely installs tools to intercept the Google account authentication tokens. In theory, this would allow access to Gmail, Google Photos, Google Drive, Google Docs, etc. But the users' data does not really seem to interest the hackers. Access to the Google account allows them to download apps from the Google Play Store and rate them. To trick the Google store, the malware is able to mimic the behavior of a real user, a technique that we had already seen last July with the HummingBad malware. At the same time, the Gooligan hackers install software on the device to display advertisements.

According to Check Point Software Technologies, more than one million accounts have been compromised, including 57% in Asia, 19% in America, 9% in Europe and 15% in Africa. Worse still, the number continues to increase, with 13,000 compromised devices per day. The only consolation: a website lets users quickly check whether a Google account has been compromised.

The infection technique is rather conventional: either through a fraudulent application, or through a phishing e-mail or SMS that contains a link to an infected application. Official apps on the Google Play Store are generally not affected, but there are alternative stores that offer apps that are often free, but also often illegal. Check Point researchers identified 86 applications containing Gooligan.

At Google, Adrian Ludwig, chief security officer for Android, said he is working with Check Point to fight this malware, which is part of the "Ghost Push" family of applications, specializing in spam, click fraud or download fraud. Google confirms that Gooligan does not steal information but is limited to advertising and promotion of applications. The web giant has nevertheless strengthened Android's Verify Apps service to detect the presence of Gooligan on devices and warn the user.

The Stopru