Security firm Check Point Software Technologies Ltd recently announced the breach of more than one million Google accounts by a new Android malware named Gooligan. The malware steals email addresses and authentication tokens stored on them.
The release notes that with this information, attackers can access users’ sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.
“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” said Michael Shaulov, Check Point’s head of mobile products. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”
Some of the key findings from the report include:
- After attackers gain control over the device, they generate revenue by fraudulently installing apps from Google Play and rating them on behalf of the victim.
- Every day Gooligan installs at least 30,000 apps on breached devices, or over 2 million apps since the campaign began.
- Hundreds of the email addresses are associated with enterprise accounts worldwide.
Check Point reached out to the Google security team immediately with information on this campaign. The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device, or by clicking on malicious links in phishing attack messages. The apps involved had innocent-sounding names, such as StopWatch, Perfect Cleaner and Wi-Fi Enhancer.
At IP Lasso, we constantly monitor millions of apps to ensure that major brand owners IP is not compromised by fraudsters. If you would like a free brand report, drop us a note, we would love to hear from you.