Slashdot Mirror


More Than 1 Million Android Devices Rooted By Gooligan Malware (onthewire.io)

Reader Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop, to install a rootkit that is capable of stealing users' Google credentials. Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.

42 comments

  1. Re: You mean gapps? by Anonymous Coward · · Score: 0

    So malware can root my phone but I can't?

  2. Gooligan Malware? by Anonymous Coward · · Score: 5, Funny

    I'd rather download Ginger or Mary Ann malware.

    1. Re:Gooligan Malware? by Anonymous Coward · · Score: 1

      That type of malware takes half of everything you own.

    2. Re:Gooligan Malware? by dywolf · · Score: 1

      you forgot the best choice of all: the billionaire's wife.
      (or the billionaire, depending on your proclivities)

      --
      The guy who said the election was rigged won the presidency with the second-most votes.

    3. Re:Gooligan Malware? by Anonymous Coward · · Score: 0

      Considering that Natalie Schafer was 65 when the show started, she wasn't bad at all for her age.

    4. Re:Gooligan Malware? by Rob+Y. · · Score: 3, Insightful

      He was a 'millionaire', not a 'billionaire'. Boy, a million bucks sure isn't what it used to be...

      --
      Posted from my Android phone. Oh, I can change this? There, that's better...

  3. What would the skipper say? by Anonymous Coward · · Score: 0

    I can hear his voice now - " Goooooligan!"

    1. Re:What would the skipper say? by Anonymous Coward · · Score: 0

      Malware has almost come full circle. With Gooligan malware, we have come from Bonzi Buddy to Little Buddy.

  4. Thanks Google by Anonymous Coward · · Score: 0

    Thank you Google for not patching Dirty CoW.

    (in before someone says "but third party app stores", two things: a) the article says "mainly", which implies that there are also malicious apps in the Play store, and b) it also notes that you can get infected by clicking certain links, though the exact mechanism is not specified, I believe)

    1. Re:Thanks Google by Anonymous Coward · · Score: 1

      Certain links if you have turned off the default security setting that only allows apps to come from the trusted store, sure. And even the summary says none of these came from the Play Store. So - people attempting to pirate $1.99 apps or people foolish enough to use the Amazon app store, which also requires you to turn off the security setting. Yes, cheapskates. Normal users have nothing to worry about here.

    2. Re:Thanks Google by Anonymous Coward · · Score: 0

      I'm pretty sure the Google Play Store has a few orders of magnitude more malware than F-Droid. Calling the setting that only allows apps to come from the Google Play store a "security setting" is Orwellian at best.

      That setting should allow the user to configure which app-store is trusted. Otherwise, it's useless.

  5. Which is why Google should control Android updates by cellocgw · · Score: 3, Interesting

    Here I sit w/ my beloved Asus ME302C, complete abandonware for over 3 years now. Everything runs fine, it can handle all updated apps, browsers, Chromecast, and so on. Just no way, other than convoluted roothacking and Cyanogen installation, to update the Android OS itself.

    Can I sue Asus for this? (rhetorical question)

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw

  6. While we're on the subject: Android Anti-malware by Rick+Schumann · · Score: 1

    I don't have or want a smartphone, but I have a friend who recently had to get one (so he didn't end up with a shitty phone with a screen too small to read) and it's Android; I see there is at least one anti-malware solution out there for Android phones, but knowing little-to-nothing about Android, could I please get suggestions for an effective anti-malware solution for Android phones? Thanks.

    1. Re:While we're on the subject: Android Anti-malware by Anonymous Coward · · Score: 0

      Only download apps from Google Play Store (i.e., not from third-party app stores)

    2. Re:While we're on the subject: Android Anti-malware by silverkniveshotmail. · · Score: 3, Insightful

      Don't sideload apps from shady websites, stick to the playstore. If your friend was somehow forced to buy a smartphone there's nothing forcing him to install any additional apps.

    3. Re:While we're on the subject: Android Anti-malware by Anonymous Coward · · Score: 0

      I'm using Malwarebytes, from the playstore. Trust it on my Win10 computer, it picks up pups (potentially unwanted programs), it's kind of lightweight in size, auto scans your phone on startup.

    4. Re:While we're on the subject: Android Anti-malware by Rick+Schumann · · Score: 1

      That's the one that I've seen so far, thanks for that (you're more helpful than the idiots who commented above you), but I'd like more than one choice to evaluate before I make my own recommendation to my friend.

    5. Re:While we're on the subject: Android Anti-malware by jrumney · · Score: 1

      an effective anti-malware solution for Android phones?

      Hell, I'd settle for an effective anti-malware solution for Windows. Is that industry good for anything other than making your hardware feel like it has aged 20 years?

    6. Re:While we're on the subject: Android Anti-malware by BasilBrush · · Score: 1

      But muh android freedumz...

  7. Biology 101 by Solandri · · Score: 3, Interesting

    Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route.

    Successful parasites do not kill their host - if they do that, they have to find another host. The successful ones minimize their impact on the host, using them as a free ride to other opportunities which they can exploit. Sometimes this even develops into a symbiotic relationship.

    If the malware doesn't steal user data, the user has no incentive to detect and remove it. Much to the consternation of the ad networks which are the real targets. I wouldn't be surprised if the next step is for this malware to install patches to fix vulnerabilities in the OS, to prevent other less well-thought-out malware from being installed and eventually getting the frustrated user to wipe and reset the phone.

    1. Re:Biology 101 by silverkniveshotmail. · · Score: 2

      There may be other symptoms like terrible battery life, excessive data usage and poor performance.

    2. Re:Biology 101 by Blaskowicz · · Score: 1

      With higher specs - 1GB on the low/mid end, better flash, better OS (maybe) and some lightweight enough malware, perhaps the performance won't be so poor. We used to have excruciatingly slow Windows XP computers loaded with malware (funny, given how a clean Windows XP on mid 2000s vintage computer is really fast), and we now have quick running Windows 7 computers with some background malware (that isn't always that clever, as search page hijacking etc. gives it away)

      The malware could stay off 3G/4G and steal bandwidth on wifi, which will not be very noticeable. Left is the battery life stealing, that would be the biggest issue.

    3. Re:Biology 101 by rodrigoandrade · · Score: 1

      A good malware programmer will make his app invisible to the naive end user, avoiding battery and performance hits on the device, so they'll never know the app is running.

  8. This Just In by Anonymous Coward · · Score: 0

    People who download illegal software from questionable locations end up with viruses!

    1. Re:This Just In by Anonymous Coward · · Score: 0

      Yeah, blame the user for the monthly elevation of privilege vulnerabilities that millions of Android phones are rife with.

  9. Re:Which is why Google should control Android upda by Anonymous Coward · · Score: 0

    I have the exact same device. The hardware is amazing, even still. I am however terrified to let it leave the house or to install any more apps.

    I have been looking at this option --> https://play.google.com/store/apps/details?id=ru.meefik.linuxdeploy&hl=en

  10. Just sit right back and you'll hear a tale by Muntzsky · · Score: 1

    A tale of a malware app
    That exposed Google accountholders
    Using Android smartphone crap.

  11. Re:Which is why Google should control Android upda by Blaskowicz · · Score: 1

    Wow. Crap.
    Asus is a long-renowned motherboard vendor, a major PC vendor and I somehow thought they would know a bit about support. They know things about firmware and user-facing documentation and downloads. It's no surprise the Android crap division doesn't support their products, I guess everyone may know it by inquiring a little on the internets but if Asus won't support their hardware, who will with their own? It's like a tragedy of commons, not quite the right term but I wonder how you should call it, where everyone does the same as the very low or negative margins depend on it (and thus whatever accounting salads and stock market things). So, no one makes a move. Some might expect 3 years of updates / support to be reasonable, and I dare say 5 years is more reasonable still for the consumer.

    The irony (flame about misuse of 'irony') is Asus sells graphics cards at a +10% margin next to their competitors, just because. Now perhaps the Android hardware industry can grow up a bit: 16nm or 14nm SoC going mainstream, USB-C, UFS flash memory, RAM sizes similar to low end PC, this is somewhat laptop class hardware. I think we can pay +10%, +20% whatever for 5 years of support meaning basic security (and 5 years is compromising much. You can be current on a PC from 1999 or 2001)

  12. Tool to verify if you've been hacked by rodrigoandrade · · Score: 1

    https://gooligan.checkpoint.com/

    You're welcome.

    1. Re:Tool to verify if you've been hacked by Anonymous Coward · · Score: 0

      Yeah, sure I'll give some random internet site a valid e-mail address.

  13. Re:Which is why Google should control Android upda by Blaskowicz · · Score: 1

    A cheap Windows tablet with about the same hardware would do about the job with a decade of updates, me think. But Windows is free as beer for 7.9 inches and under, is that it? As if a dealer pushing one free serving of dope.

  14. What does 'mainly' mean by Tangential · · Score: 1

    The post says "Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware".

    Does that mean there are some apps infected with this in the Google app store as well?

    --
    Suppose you were an idiot. And suppose you were a member of congress. But then I repeat myself. -- Mark Twain

  15. Re: While we're on the subject: Android Anti-malwar by Anonymous Coward · · Score: 0

    Kaspersky does a nice enough job. Scans the Web traffic and allows you to block SMS and calls as well.

  16. Re: You mean gapps? by Anonymous Coward · · Score: 0

    Roll your own version of android if you don't like it!!!! /slashdot

  17. Quit using crap Android platforms by Anonymous Coward · · Score: 0

    Come on guys, I'm not fond of Android and even I roll my eyes at how often these pathetically under-powered, insecure, cheap Android devices make the Android Platform worse than the "Windows PC" platform.

    iOS doesn't have this problem, because largely people are discouraged from jailbreaking the devices. Android on the other hand, you have Samsung undermining it, LG undermining it, Microsoft undermining it, and the only device that you can even trust are Google's devices, and those aren't great devices either. Like the state of Android is worse than the "Microsoft Windows" PC market. At least the PC market only has one version of the OS that is de-facto secure/stable/updated. Android has no such thing, and the devices that can run Android often can't run any other version of Android because the hardware platforms are too different.

    What needs to happen is that LG/Samsung need to standardize on what CPU/GPU/APU/modems that they will use for each generation of hardware, and essentially use exactly the same base parts so that their Android drivers are consistent and as such less prone to breakage. As only LG and Samsung even offer high end devices, just forget about the Chinese cheap phones and quit importing the damn things. Like I wish I could shake the people at T-Mobile in the US and Wind(Freedom) Wireless in Canada to stop offering these pieces of crap.

  18. appy apps app apps by Anonymous Coward · · Score: 0

    appy apps app apps.