Within the last few weeks, two separate rootkits affecting millions of Android-based devices were discovered by security researchers. Now, malware called Gooligan, which is said to have breached over a million Google accounts using information stolen from Android devices, has been uncovered.
Security firm Check Point has published its findings on the Gooligan malware campaign, which targets older Android devices running Jelly Bean (4.1, 4.2, 4.3), KitKat (4.4) or Lollipop (5.0, 5.1). The malicious code gets installed on the host devices through a regular phishing attack from third-party app stores. Once it gets access to the device, the malware seeks root permissions in order to gain access to various stored accounts. After settling in, the malware starts installing and rating fraudulent apps from the Google Play Store.
The researchers at Check Point have revealed that Gooligan is the first malware to root over a million devices, with a daily count of 13,000 infections. Google's director of Android Security, Adrian Ludwig, has assured users in a Google+ post that the company is working on protecting them from Ghost Push malware variants such as Gooligan and has revoked the tokens of affected users. In most cases, the affected users have been contacted as well.
Owners of new and old Android devices should protect themselves by following Google's app installation guidelines. Additionally, they should be extra careful before sideloading any apps from websites or third-party app stores.