Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Android Google Security

More Than 1 Million Android Devices Rooted By Gooligan Malware (onthewire.io) 42

Reader Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop to install a rootlet that is capable of stealing users' Google credentials.Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.
This discussion has been archived. No new comments can be posted.

More Than 1 Million Android Devices Rooted By Gooligan Malware

Comments Filter:
  • by Anonymous Coward on Wednesday November 30, 2016 @12:32PM (#53394027)

    I'd rather download Ginger or Mary Ann malware.

  • by cellocgw ( 617879 ) <cellocgw.gmail@com> on Wednesday November 30, 2016 @12:51PM (#53394215) Journal

    Here I sit w/ my beloved Asus ME302C, complete abandonware for over 3 years now. Everything runs fine, it can handle all updated apps, browsers, Chromecast, and so on. Just no way, other than convoluted roothacking and Cyanogen installation, to update the Android OS itself.

    Can I sue Asus for this? (rhetorical question)

    • Wow. Crap.
      Asus is a long-renowned motherboard vendor, a major PC vendor and I somehow thought they would know a bit about support. They know things about firmware and user-facing documentation and downloads. It's no surprise the Android crap division doesn't support their products, I guess everyone may know it by inquiring a little on the internets but if Asus won't support their hardware, who will with their own? It's like a tragedy of commons, not quite the right term but I wonder how you should call it,

  • I don't have or want a smartphone, but I have a friend who recently had to get one (so he didn't end up with a shitty phone with a screen too small to read) and it's Android; I see there is at least one anti-malware solution out there for Android phones, but knowing little-to-nothing about Android, could I please get suggestions for an effective anti-malware solution for Android phones? Thanks.
  • Biology 101 (Score:4, Interesting)

    by Solandri ( 704621 ) on Wednesday November 30, 2016 @01:09PM (#53394373)

    Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route.

    Successful parasites do not kill their host - if they do that, they have to find another host. The successful ones minimize their impact on the host, using them as a free ride [wikipedia.org] to other opportunities which they can exploit. Sometimes this even develops into a symbiotic relationship.

    If the malware doesn't steal user data, the user has no incentive to detect and remove it. Much to the consternation of the ad networks which are the real targets. I wouldn't be surprised if the next step is for this malware to install patches to fix vulnerabilities in the OS, to prevent other less well-thought-out malware from being installed and eventually getting the frustrated user to wipe and reset the phone.

    • There may be other symptoms like terrible battery life, excessive data usage and poor performance.
      • With higher specs - 1GB on the low/mid end, better flash, better OS (maybe) and some lightweight enough malware, perhaps the performance won't be so poor. We used to have excruciatingly slow Windows XP computers loaded with malware (funny, given how a clean Windows XP on mid 2000s vintage computer is really fast), and we now have quick running Windows 7 computers with some background malware (that isn't always that clever, as search page hijacking etc. gives it away)

        The malware could stay off 3G/4G and stea

      • A good malware programmer will make his app invisible to the naive end user, avoiding battery and performance hits on the device, so they'll never know the app is running.
  • A tale of a malware app
    That exposed Google accountholders
    Using Android smartphone crap.
  • https://gooligan.checkpoint.com/

    You're welcome.
  • The post says "Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware".

    Does that mean there are some apps infected with this in the Google app store as well?

Who goeth a-borrowing goeth a-sorrowing. -- Thomas Tusser

Working...