En ny meget farlig ondsindet kampagne blev lige opdaget af forskere ved Check Point. Angrebet kampagne er døbt Gooligan, og det lykkedes at bryde sikkerheden på mere end en million Google-konti. Researchers say that this huge number continues to grow every day, med 13,000 breached devices on a daily basis.
Relaterede: Ny Android Malware Mål 15 tyske banker
The malware roots infected devices and steals authentication tokens. These tokens can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G-suite, Google Drev, etc. This is in fact the same malware discovered last year in the SnapPea app. The Check Point team already contacted Google with their findings. The giant is currently investing Gooligan.
Adrian Ludwig from Google has already released a statement, sige, at:
Several Ghost Push variants use publicly known vulnerabilities that are unpatched on older devices to gain privileges that allow them to install applications without user consent. In the last few weeks, we’ve worked closely with Check Point, a cyber security company, to investigate and protect users from one of these variants. Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps. This morning, Check Point detailed those findings on their blog.
Så synlig, the malware in question is indeed a Ghost Push variant that is currently plaguing older versions of Android.
Who Is Affected by Gooligan?
Ifølge forskning, the malware is targeting devices running Android 4 (Jelly Bean, KitKat) og 5 (Slikkepind). These versions of the operating system represent at least 74% of today’s in-market devices. 40% of these devices are found in Asia and 12% – I Europa. Numerous fake applications were discovered to have been infected with Gooligan. A list of apps that may have infected users with the malware can be found her.
If you have downloaded any of them, you may be infected. Researchers encourage users to review their application list in Settings-Apps to make sure they are safe… or not safe. I tilfælde af infektion, an anti-virus product for mobile should be used as soon as possible.
Endvidere, users can also check whether their Google accounts have been breached by accessing a internet side created by the security company for the occasion.
If a user’s account has been breached, følge disse trin:
1.A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.”
2.Change your Google account passwords immediately after this process.