A newly discovered Android malware dubbed Gooligan, infecting as many as 13,000 devices per day, is hijacking Google accounts to install apps from the Play Store and leave fake reviews. Here’s what you need to know.
Android and malware are, unfortunately, two words that just can’t quite escape each other. Whether it is fair or not – and it probably is – Android has something of a reputation for perhaps not being the most secure of operating systems. It’s something that both fans of Apple’s iPhone and indeed Apple itself have been keen to hold over Android, and a newly announced malware discovery means that isn’t going to change any time soon.
The latest malware, discovered by security firm Check Point, is apparently infecting as many as 13,000 devices per day and has been out in the wild since some time in August.
Dubbed Gooligan by the folks at Check Point, this new malware isn’t actually new at all. In fact, it takes advantage of security holes within the kernel of Android versions 4 and 5, which have since been plugged, but given Android’s fragmentation problem, that still leaves a huge number of devices that are out in the wild and are susceptible to a malware attack.
The way Gooligan works is surprisingly simple. Users install an app from a third-party app store that happens to be carrying the Gooligan malware. This then infects the device on which it was downloaded and takes control of it via the aforementioned security flaw. Next up, the malware compromises the device’s Google authorization token, which in turn gives it access to the user’s Google account including Gmail, Drive, and Photos. As it turns out though, that isn’t the point of the attack.
Rather than take advantage of its newfound access in predictable ways, Gooligan instead runs off to the Google Play Store and downloads seemingly legitimate apps as well as adware. The fun, however, starts when it begins to leave 5-star reviews for those apps, apparently in an attempt to game the review system within the store. With so many devices infected, apps receiving fake reviews thanks to Gooligan could well benefit, so much so that Gooligan is apparently best used in this way rather than simply stealing credit card data.
The fix for Gooligan has, of course, already been rolled out, but if Android devices never receive the update due to carrier and OEM software upgrade madness, this particular brand of malware could be in for the long haul.