Google Android remains one of the two dominant mobile software platforms, along with Apple‘s iOS. Android is known to be a more “open” operating system, in that it is not as rigidly controlled as other operating systems. This has lead to concerns that Android is more vulnerable that others. In some cases, these concerns are justified.
Google’s Play Store has seen several apps be compromised with malware. Gooligan, the latest Android malware, discovered by respected security company, Checkpoint. To date, over 1 million Google accounts have been compromised. There is a rather unique twist to this threat. While the account tokens have been compromised, the accounts on Google’s servers appear to be unaffected. Instead, what the malware seems to be doing is tricking infected systems into downloading infected apps in the background, unknown to the user, that then presents ads to the user that tricks them into purchasing something, thus paying the people behind the malware. It does this by increasing the download counts for the infected apps, making them look appealing to others to download and buy. It’s a clever attack vector that leverages the setting to allow applications to be installed from unknown sources. Simply turning this capability off will defeat Gooligan.
The problem is that many application developers entice users to install their applications, outside of the Google Play Store, therefore requiring this setting to be disabled. This is the root of the problem. As is rooting, the process whereby a user can “root” their device, unlocking the operating system to do essentially whatever you may want with it.
As it relates to Gooligan, the good news is that Checkpoint has a free tool to help you check to see if you have been infected with the malware. Click here to get the tool, if you’re an Android user and want to be sure your device is safe.