Android users, beware, because there's a new type of malware on the loose—and over a million Android devices have already been infected. While most of the infected devices are in Asia, 19 percent of them are in America, and 13,000 more devices are hacked each day. It's the largest breach of Google accounts ever, and it's definitely cause for concern.
The malware is dubbed Gooligan, and you can pick it up by downloading seemingly harmless apps from sources other than the Google Play store. Once downloaded, Gooligan gains access to all of your data, including Gmail, Google Docs, Google Drive, Google Play and more.
However, while Gooligan has access to a lot of your personal data, it doesn't appear to use it. Instead, Gooligan downloads apps from Google Play in a scam designed to collect advertising revenue. These apps may provide Gooligan's creators with cash for each download or show ads to generate income. Compromised Google accounts may also leave reviews on these fraudulent apps to make them appear more legitimate to other users.
Gooligan exploits known vulnerabilities in older versions of Android, including Jelly Bean, KitKat and Lollipop (that's Android 4.1 through Android 5.1.1). Newer Android devices running Marshmallow (Android 6.0 through 6.0.1) or Nougat (Android 7.0 through 7.1.1) aren't vulnerable, but if you use an Android device from 2014 or earlier, you could be vulnerable to Gooligan.
Fortunately, there's an easy way to check if you're infected. Security firm Check Point has created a tool that shows if your email address is among the compromised accounts. If your device is compromised, you'll want to do a clean installation of Android on your device (typically called "flashing"). Because of the way Gooligan works, simply resetting your phone to factory defaults and deleting your data won't get rid of the malware.
Doing a clean installation can be a bit of a complicated process, so you may want to consult a professional or talk to your wireless carrier about getting it done. Once your device is clean, change your Google account password, and you'll be good to go.
Google has been fighting malware like Gooligan for years now. Adrian Ludwig, director of Android security at Google, explains that the company has been working on strengthening security, removing apps involved in the compromise from Google Play and revoking access on compromised accounts by requiring them to sign in securely before they can access Google services again. While no data has been stolen in this hack, malware like Gooligan is capable of taking your data, and you'll want to take steps to keep your device safe.
Here's how to keep your device secure
- Install the latest version of Android, including the security patches. Your carrier should provide instructions when updates are available.
- Don't download apps from anywhere other than the Google Play store. Newer versions of Android will warn you if you try to download apps from elsewhere. Pay attention when it does!
- Run a reputable anti-virus application. While anti-virus protection can sometimes be frustrating — anti-virus apps can accidentally identify non-malware as malware — it can help keep your phone secure. Try AVAST, AVG, Kaspersky, McAfee or Norton, all of which are free and known for their solid desktop anti-virus protection.
[Image credit: mobile phone security concept via BigStockPhoto, CheckPoint]