Cyber Threat Alert: Massive Gooligan Malware Campaign Targets Android Devices

Over one million Google accounts have been breached by a new and growing vicious malware attack campaign named Gooligan. The breaches are increasing at an additional 13,000 devices each day.¹ The malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more. 

A variant of the Ghost Push family of malware, Gooligan installs at least 30,000 apps fraudulently on breached devices every day. It is believed that this activity may serve to help finance the campaign. The malware simulates clicks on app advertisements provided by legitimate ad networks and forces the app to install on a device. The network pays the attacker when an app is successfully installed.

What’s Driving Mobile Device Crime?

The speed, power and storage space on mobile devices has increased exponentially over the past few years.  As a result more people are using their devices in more places for transactions that involve sensitive business as well as private and financial data. That makes cybercriminals very interested in targeting the mobile device and helping to drive the growing malware threat.² To put things in perspective, there were approximately 3,944 new android mobile malware variants discovered in 2015, up 77%.³ 

Cybercriminals are also finding it too easy to gain access to your phone. For example, with Stagefright, if the cybercriminal knows the intended target’s phone number, that’s all they need to launch an attack. It’s possible for an attacker to hack a phone, implant a remote access tool, and cover any trace that the attack had occurred; all while the phone was charging overnight on the victim’s nightstand.³

Protecting your Device Against Malware: Security Best Practices

As common sense as these best practices are, many neglect to make them a standard procedure in their mobile device usage. McAfee Intel Security provide us with these “Best Practice” reminders:²

1. Update!--To keep your data secure and private, you have to keep cybercriminals from getting a foothold on your devices. The majority of malware infections could be prevented by simply keeping your system up to date with the latest OS and application updates.

2. Use Only Official App Stores--As Intel Security scans the app stores for malicious apps, app stores are alerted when new malicious apps are found, so even if something slips through, you are still safer going through a trusted app store than going through an unverified source.

3. Review App Reputation Scores--We have found there are many apps that while not technically malicious, do disclose far too much personal information without a legitimate reason. Because of this, it is important to be aware of an app’s security and privacy reputation.

4. Be Suspicious--Cybercriminals will try all sorts of methods to get your data, and one of the more successful methods is social engineering. Always be wary of clicking on any link in an email or SMS you weren’t expecting to receive. This includes messages from people you know, as they may have been infected and don’t realize they are sending malware.

5. Use Comprehensive Security Software--Keeping your mobile device up to date will help you stay safe from older viruses, but you should also install anti-virus software on your devices to protect against new threats or older threats that haven’t yet been fixed by OS or application updates. Most have other benefits such as looking for apps that may be suspicious based on the permissions they are asking for and notifying you when you’re about to connect to a potentially unsafe Wi-Fi.

Sources:

¹infosecurity-magazine.com, “Gooligan Malware Braeches 1M+ Google Accounts,” November 30, 2016

²McAfee Intel Security, “Mobile threat Report: What’s on the Horizon for 2016,” 2016

³Symantec, “Internet Security Threat Report,” April 2016