‘Gooligan’ Android Malware Has Compromised 1 Million Google Accounts

Security researchers from Check Point Software Technologies have discovered a family of Android-based malware dubbed ‘Gooligan’, that has been has been found in at least 86 apps available in third-party marketplaces, and has the ability to gain root access of 74% of Android phones.

According to ArsTechnica, the malware can easily gain system access to devices running Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop versions of Google’s Android OS. Once infected, these devices download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password.

The source adds that these authentication tokens can be used to access a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. [..] After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user.

Meanwhile, Android security engineer Adrian Ludwig has said in a blog post that Google has been working closely with Check Point for the past few weeks to investigate Gooligan and to protect users against the threat it poses.

For for information about Gooligan, hit up this link.