Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Than 1 Million Android Devices Rooted By Gooligan Malware (onthewire.io)

Posted by msmash on from the security-woes dept.

Reader Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims' Google accounts in the process. The malware campaign, known as Gooligan, is a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that's not the main concern for victims. The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop to install a rootlet that is capable of stealing users' Google credentials.Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.

20 of 42 comments (clear)

  1. Gooligan Malware? by Anonymous Coward · · Score: 5, Funny

    I'd rather download Ginger or Mary Ann malware.

    1. Re:Gooligan Malware? by Anonymous Coward · · Score: 1

      That type of malware takes half of everything you own.

    2. Re:Gooligan Malware? by dywolf · · Score: 1

      you forgot the best choice of all: the billionaire's wife.
      (or the billionaire, depending on your proclivities)

      --
      The guy who said the election was rigged won the presidency with the second-most votes.
    3. Re:Gooligan Malware? by Rob+Y. · · Score: 3, Insightful

      He was a 'millionaire', not a 'billionaire'. Boy, a million bucks sure isn't what it used to be...

      --
      Posted from my Android phone. Oh, I can change this? There, that's better...
  2. Which is why Google should control Android updates by cellocgw · · Score: 3, Interesting

    Here I sit w/ my beloved Asus ME302C, complete abandonware for over 3 years now. Everything runs fine, it can handle all updated apps, browsers, Chromecast, and so on. Just no way, other than convoluted roothacking and Cyanogen installation, to update the Android OS itself.

    Can I sue Asus for this? (rhetorical question)

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  3. While we're on the subject: Android Ant-malware by Rick+Schumann · · Score: 1

    I don't have or want a smartphone, but I have a friend who recently had to get one (so he didn't end up with a shitty phone with a screen too small to read) and it's Android; I see there is at least one anti-malware solution out there for Android phones, but knowing little-to-nothing about Android, could I please get suggestions for an effective anti-malware solution for Android phones? Thanks.

    1. Re:While we're on the subject: Android Ant-malware by silverkniveshotmail. · · Score: 3, Insightful

      Don't sideload apps from shady websites, stick to the playstore. If your friend was somehow forced to buy a smartphone there's nothing forcing him to install any additional apps.

    2. Re:While we're on the subject: Android Ant-malware by Rick+Schumann · · Score: 1

      That's the one that I've seen so far, thanks for that (you're more helpful that the idiots who commented above you), but I'd like more than one choice to evaluate before I make my own recommendation to my friend.

    3. Re:While we're on the subject: Android Ant-malware by jrumney · · Score: 1

      an effective anti-malware solution for Android phones?

      Hell, I'd settle for an effective anti-malware solution for Windows. Is that industry good for anything other than making your hardware feel like it has aged 20 years.

    4. Re:While we're on the subject: Android Ant-malware by BasilBrush · · Score: 1

      But muh android freedumz...

  4. Biology 101 by Solandri · · Score: 3, Interesting

    Although the malware has full remote access to infected devices, it doesn't appear to be stealing user data, but rather is content to go the click-fraud route.

    Successful parasites do not kill their host - if they do that, they have to find another host. The successful ones minimize their impact on the host, using them as a free ride to other opportunities which they can exploit. Sometimes this even develops into a symbiotic relationship.

    If the malware doesn't steal user data, the user has no incentive to detect and remove it. Much to the consternation of the ad networks which are the real targets. I wouldn't be surprised if the next step is for this malware to install patches to fix vulnerabilities in the OS, to prevent other less well-thought-out malware from being installed and eventually getting the frustrated user to wipe and reset the phone.

    1. Re:Biology 101 by silverkniveshotmail. · · Score: 2

      There may be other symptoms like terrible battery life, excessive data usage and poor performance.

    2. Re:Biology 101 by Blaskowicz · · Score: 1

      With higher specs - 1GB on the low/mid end, better flash, better OS (maybe) and some lightweight enough malware, perhaps the performance won't be so poor. We used to have excruciatingly slow Windows XP computers loaded with malware (funny, given how a clean Windows XP on mid 2000s vintage computer is really fast), and we now have quick running Windows 7 computers with some background malware (that isn't always that clever, as search page hijacking etc. gives it away)

      The malware could stay off 3G/4G and steal bandwith on wifi, which will not be very noticeable. Left is the battery life stealing, that would be the biggest issue.

    3. Re:Biology 101 by rodrigoandrade · · Score: 1

      A good malware programmer will make his app invisible to the naive end user, avoiding battery and performance hits on the device, so they'll never know the app is running.

  5. Re:Thanks Google by Anonymous Coward · · Score: 1

    Certain links if you have turned off the default security setting that only allows apps to come from the trusted store sure. And even the summary says none of these came from the Play Store. So - people attempting to pirate $1.99 apps or people foolish enough to use the Amazon app store which also requires you to turn off the security setting. Yes, cheapskates. Normal users have nothing to worry about here.

  6. Just sit right back and you'll hear a tale by Muntzsky · · Score: 1

    A tale of a malware app
    That exposed Google accountholders
    Using Android smartphone crap.

  7. Re:Which is why Google should control Android upda by Blaskowicz · · Score: 1

    Wow. Crap.
    Asus is a long-renowned motherboard vendor, a major PC vendor and I somehow thought they would know a bit about support. They know things about firmware and user-facing documentation and downloads. It's no surprise the Android crap division doesn't support their products, I guess everyone may know it by inquiring a little on the internets but if Asus won't support their hardware, who will with their own? It's like a tragedy of commons, not quite the right term but I wonder how you should call it, where everyone does the same as the very low or negative margins depend on it (and thus whatever accounting salads and stock market things). So, no one makes a move. Some might expect 3 years of updates / support to be reasonable, and I dare say 5 years is more reasonable still for the consumer.

    The irony (flame about misuse of 'irony') is Asus sells graphics cards at a +10% margin next to their competitors, just because. Now perhaps the Android hardware industry can grow up a bit : 16nm or 14nm SoC going mainstream, USB-C, UFS flash memory, RAM sizes similar to low end PC, this is somewhat laptop class hardware. I think we can pay +10%, +20% whatever for 5 years of support meaning basic security (and 5 years is compromising much. You can be current on a PC from 1999 or 2001)

  8. Tool to verify if you've been hacked by rodrigoandrade · · Score: 1

    https://gooligan.checkpoint.com/

    You're welcome.

  9. Re:Which is why Google should control Android upda by Blaskowicz · · Score: 1

    A cheap Windows tablet with about the same hardware would do about the job with a decade of updates, me think. But Windows is free as beer for 7.9 inches and under, is that it? As if a dealer pushing one free serving of dope.

  10. What does 'mainly' mean by Tangential · · Score: 1

    The post says "Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware".

    Does that mean there are some apps infected with this in the Google app store as well?

    --
    Suppose you were an idiot. And suppose you were a member of congress. But then I repeat myself. -- Mark Twain