BENGALURU: A new variant of Android malware has breached the security of more than one million Google accounts, revealed a study by Check Point Software Technologies Ltd.
The new malware campaign, named Gooligan, roots Android devices and steals email addresses and authentication tokens stored on them. Attackers then access users’ sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.
“Breaching of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” said Michael Shaulov, Check Point’s head of mobile products.
“We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”
“As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” stated Adrian Ludwig, Google’s director of Android security.
Among other actions, Google has contacted affected users and revoked their tokens, removed apps associated with the Ghost Push family from Google Play, and added new protections to its Verify Apps technology.
The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device, or by clicking on malicious links in phishing attack text messages.