Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Than 1 Million Android Devices Rooted By Gooligan Malware (onthewire.io)

Posted by msmash on from the security-woes dept.

Reader Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop to install a rootlet that is capable of stealing users' Google credentials.Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.

2 of 42 comments (clear)

  1. Which is why Google should control Android updates by cellocgw · · Score: 3, Interesting

    Here I sit w/ my beloved Asus ME302C, complete abandonware for over 3 years now. Everything runs fine, it can handle all updated apps, browsers, Chromecast, and so on. Just no way, other than convoluted roothacking and Cyanogen installation, to update the Android OS itself.

    Can I sue Asus for this? (rhetorical question)

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  2. Biology 101 by Solandri · · Score: 3, Interesting

    Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route.

    Successful parasites do not kill their host - if they do that, they have to find another host. The successful ones minimize their impact on the host, using them as a free ride to other opportunities which they can exploit. Sometimes this even develops into a symbiotic relationship.

    If the malware doesn't steal user data, the user has no incentive to detect and remove it. Much to the consternation of the ad networks which are the real targets. I wouldn't be surprised if the next step is for this malware to install patches to fix vulnerabilities in the OS, to prevent other less well-thought-out malware from being installed and eventually getting the frustrated user to wipe and reset the phone.