Yet another malware in android is doing the rounds and claims that it has already infected 1 million Android devices. Known as Gooligan, this malware roots your device first and then downloads a module by itself. Then the module gets activated and takes control of your Google account to access users private data. Those apps at risk include Gmail, Google Drive, Google Photos, Google Docs, and more. Any device running on Jelly Bean, KitKat, or Lollipop is currently at risk. As discovered by security firm Check Point Software Technologies, Gooligan first emerged in August. Since then it has wormed its way onto 1 million Android devices, currently infecting around 13,000 devices every day.
How do Android devices become infected?
The traces of the Gooligan malware code was found in dozens of legitimate-looking apps on third-party Android app stores. These stores are an attractive alternative to Google Play as many of their apps are free or offer free versions of paid apps. However, the security of these stores and the apps they sell aren’t always verified as anyone would guess. Gooligan-infected apps can also be installed using phishing scams where attackers broadcast links to infected apps to unsuspecting users via SMS or other messaging services.
How do you know if your Google account is breached?
You can check if your account is compromised by accessing the following website that Checkpoint created – https://gooligan.checkpoint.com/
My account is breached, what next?
A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request your device to be “re-flashed.” Also, change your Google account passwords immediately after this process.
Who is affected?
Asia being the topper, the malware is distributed all over the world.
