New Android malware breaches more than 1 million Google accounts

57 per cent of the millions of infected Google accounts are located in Asia, say researchers

PUBLISHED : Thursday, 01 December, 2016, 3:16pm
UPDATED : Thursday, 01 December, 2016, 3:16pm

Asia is ground zero for infections by the malware dubbed “Gooligan”, which targets the Android operating system, with the majority of the million Google accounts breached since August located there, researchers said.

The malware burrows into mobile devices running on Android and steals information from Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite, researchers from Check Point Software Technologies said.

Attackers can also generate revenue by installing apps from Google Play on infected phones.

“Gooligan” infects a device after a user downloads and installs a Gooligan-infected app from a third-party app store, or taps on a malicious link in a phishing attack. After the infected app is installed, it sends data about the device to the malware’s main server and downloads a rootkit, which enables the attacker to gain control of the mobile device.

“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” Michael Shaulov, Check Point’s head of mobile products, said.

“We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”

Google did not immediately respond to a request for comment.

About 57 per cent of the affected devices are found in Asia, while 9 per cent are in Europe. Another 15 per cent of breached devices are in Africa and 19 per cent are in the Americas.

“The malware is more dominant in the older version of Android, namely 4 and 5. Though we can’t say for sure why, some sources say the older Android versions are still pretty prevalent in Asia,” Steve McWhirter, vice president of Asia, Middle East and Africa at Check Point Software Technologies, told CNBC.

The malware targets mobile devices running on the earlier operating systems Android 4.1 Jelly Bean, Android 4.4 KitKat and Android 5.0 Lollipop, which together make up 74 per cent of the devices in the market.

Android device users who suspect their account might have been hacked will need to go through a process called “flashing,” which can be done by mobile service providers or a certified technician, Check Point Software Technologies said, adding that Google account passwords should be changed immediately after “flashing.”
