74% Of Android Devices At Risk From New Malware
If you’re still using a smartphone running on Android Jellybean, KitKat or Marshmallow, you’re at risk say security firm Check Point.
The firm says they’ve discovered evidence of a new malware attack campaign, dubbed Googlian, which they say has infected over one million Android devices.
Googlian takes advantage of known vulnerabilities in the Linux kernel, allowing it to take control of a user’s device once a malicious app has been installed.
From there, the malware compromises the user’s Google account, giving it access to Gmail, Drive, and Photos.
However, rather than download further compromise the device from there, it installs malicious apps from the Google Play Store, leaving five-star rankings for each app.
Though this seem innocuous on its own, with enough devices infected, this can propel Googlian-infected apps up the Play Store rankings in popularity and thus expose them to more potential targets in perpetuity.
Google have already responded to the report.
“We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues,” said Adrian Ludwig, Google’s director of Android security.
“As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
The company are taking numerous steps including proactively notifying affected accounts, revoking affected tokens and deploying SafetyNet improvements to protect users from these apps in the future.
Check Point advise that you can check if your account is compromised by accessing the following web site that we created: https://gooligan.checkpoint.com/.
If your account has been breached, the following steps are required:
- A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.”
- Change your Google account passwords immediately after this process.