Wednesday, November 30, 2016
Researchers Say 1 Million Google Accounts Breached by "Gooligan"


Security researchers revealed an alarming malware campaign. The attack campaign, named Gooligan, breached the security of over one million Google accounts. The number continues to rise at an additional 13,000 breached devices each day.



Research firm Check Point exposes how the malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.

Gooligan is a new variant of the Android malware campaign found in the SnapPea app last year.

Check Point has reached out to the Google Security team with information on this campaign, and security researchers are working closely with Google to investigate the source of the Gooligan campaign.

Gooligan potentially affects devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which is over 74% of in-market devices today. About 40% of these devices are located in Asia and about 12% are in Europe.

Check Point identified tens of fake applications that were infected with this malware. Check Point has launched a free online tool that can be used to check if your device has been breached.

If your account has been breached, you should perform a clean installation of an operating system on your mobile device (a process called "flashing"). Change your Google account passwords immediately after this process.

Traces of the Gooligan malware code have been spotted in dozens of legitimate-looking apps on third-party Android app stores. These stores are an attractive alternative to Google Play because many of their apps are free, or offer free versions of paid apps. However, the security of these stores and the apps they sell isn't always verified. Gooligan-infected apps can also be installed using phishing scams where attackers broadcast links to infected apps to unsuspecting users via SMS or other messaging services.

The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. After an infected app is installed, it sends data about the device to the campaign's Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.
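For defenders managing a device fleet, the two conditions described above (an Android 4 or 5 release and apps installed from outside Google Play) can be checked from captured `adb shell getprop` and `adb shell pm list packages -3 -i` output. The script below is an added example, not part of the original article and not Check Point's tool; the sample output and package names are constructed, and the priority labels are an assumption of this sketch.

```python
import re

# API levels of the releases the article names:
# Jelly Bean (16-18), KitKat (19-20), Lollipop (21-22).
AFFECTED_SDK = range(16, 23)
PLAY_INSTALLER = "com.android.vending"
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")
PKG_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")

def parse_getprop(text):
    """Parse `getprop` lines of the form `[key]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m["key"]] = m["val"]
    return props

def sideloaded_packages(text):
    """Return third-party packages whose recorded installer is not Google Play."""
    found = []
    for line in text.splitlines():
        m = PKG_RE.match(line.strip())
        if m and m["inst"] != PLAY_INSTALLER:
            found.append(m["pkg"])
    return sorted(found)

def triage(getprop_text, packages_text):
    """Combine OS version and app provenance into one triage record."""
    sdk = int(parse_getprop(getprop_text).get("ro.build.version.sdk", "0"))
    in_range = sdk in AFFECTED_SDK
    sideloaded = sideloaded_packages(packages_text)
    if not in_range:
        priority = "out_of_range"   # not a release the article lists
    elif sideloaded:
        priority = "review"         # affected release plus non-Play apps
    else:
        priority = "watch"          # affected release, Play-only apps
    return {"sdk": sdk, "sideloaded": sideloaded, "priority": priority}

# Constructed sample output; package names are made up.
SAMPLE_GETPROP = """\
[ro.build.version.release]: [4.4.2]
[ro.build.version.sdk]: [19]
"""
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.freegame  installer=null
"""
```

A "review" result only means the device matches the exposure conditions the article describes, not that it is infected; a sideloaded app is not in itself malicious.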

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

Steal a user's Google email account and authentication token information

Install apps from Google Play and rate them to raise their reputation

Install adware to generate revenue

Ad servers, which don't know whether an app using their service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.


