More than one million Google accounts have been breached by malware that infiltrated older Android devices, cyber security firm Check Point Software Technologies Ltd. announced Wednesday.
The researchers traced the malware back to dozens of what they called “legitimate-looking” apps — with names “Wi Fi Enhancer,” “GPS,” “Beautiful Alarm, “Battery Monitor,” and even “Google”— on third-party Android app stores. In general, Google strongly cautions users to download apps only from the official Google Play store to help reduce the risk of accidentally installing malicious software. Attackers also spread the malware via links sent in text messages to unsuspecting users, Check Point said.
This specific malware, nicknamed Gooligan, has been steadily infecting older versions of Android devices since August of this year; Check Point estimates that 13,000 new devices continue to be breached daily.
Once it lives on a user’s Android device, Gooligan exploits known vulnerabilities in the Android operating system to install other apps and malicious software without users’ permission. Using that foothold, attackers can steal users’ email addresses and authentication tokens in order to dive deeper into their extensive personal data stored across Google: Gmail, Google Photos, Google Drive, etc., Check Point said.
“If you download an infected app ... it gets in under the operating system and gives it access to your Google account, which is tied into your Android phone because Android is from Google, and your Google account is from Google, so you’ve kind of handed them [hackers] the keys to the store,” CNET editor Dan Ackerman told CBS News.
Read more here: www.cbsnews.com/news/google-accounts-malicious-software-android/