Android malware steals Google authentication tokens to install adware


Security firm Check Point has found a new variant of existing malware, which it has named ‘Gooligan’. This Android malware steals authentication tokens from Google users and has affected more than a million users, according to the company.

Check Point states that “more than a million Google accounts have been broken into” and that it has partnered with Google to investigate the malware. Adrian Ludwig, Google’s director of the Android security team, said in a statement that there was no indication that user data was actually stolen. Google rolled back app installations on affected accounts and investigated whether there had been other malicious activity. According to Google, the people behind the malware are not after account information; their aim is to generate revenue by installing apps that earn click money and by automatically giving other apps a positive rating.

In its blog post, Check Point discusses how the malware works. It stems from the earlier SnapPea and GhostPush malware and targets Android devices running version 4.0 or 5.0 of the mobile operating system, which would make 74 percent of all Android devices vulnerable. The malware spreads through third-party app stores outside the official Play Store. In addition, it is possible to become infected by clicking on links in phishing messages, according to Check Point. Once the malware is present on a device, it downloads a rootkit from a C2 server. This makes root access possible by using well-known techniques such as Vroot and Towelroot.

Then the malware uses a module to steal authentication tokens from the Google account. According to the company, these give access to various Google services, such as Drive, Gmail, Photos and Docs. The malware uses the tokens to download adware through the Play Store and to give apps positive ratings. Which apps should receive a positive rating is determined by information sent from the C2 server. Check Point has attached a list to its blog post showing which apps are distributing the Gooligan malware. The company has also created a tool that allows users to check whether their account has been affected, although it is not available at the time of writing. In the event of an infection, Check Point recommends re-flashing the device and changing the Google password.
