Hackers compromise over 1 million Google accounts
An intricate new hacking campaign has led to the breach of over one million Google accounts, according to Israeli security firm Check Point Software Technologies. The hacking method uses malware dubbed “Gooligan” that is installed through unauthorized apps available outside of the Google Play Store.
Once downloaded, the malicious apps (which are disguised as innocuous apps like flashlights and WiFi analysis tools) take control of the infected device by gaining root access. Root access allows a program to utilize any part of a computer or phone, including the file system, hardware access, and user information. This allows the malware to download additional apps, access private and personal info, and even send information, all without alerting the user.
Hackers were able to use the malware to gain user tokens to user accounts with Google Docs, Google Photos, and Gmail. “Tokens” are used by services and software to authenticate users. If a hacker is able to obtain a token used to log in to a service, the hacker can then pose as the affected user without easy detection.
So far, it seems that the hackers have used the malware to access information, download additional apps and adware, and post reviews and other content while posing as unaware users. According to Fortune, the adware and fake reviews have been used to “generate hundreds of thousands of dollars in bogus ad revenue per month.”
The phony apps have been infecting devices since August. Check Point believes that the malware is infecting up to 13,000 Android devices and installing about 30,000 apps every day. The hackers seem to be targeting devices running Android 4 or Android 5 (Jelly Bean through Lollipop), which account for almost 75% of all Android devices globally.
Check Point has notified Google of the breach, and both companies are working to track down the hackers and mitigate the damage caused. Per Fortune, “Check Point further [recommends] that victims reinstall the operating system on their phones, hiring a technician to “flash” the device’s memory, since a standard factory reboot is not enough to remediate the issue. Immediately following that, customers should change their Google passwords.”
Check Point has released a free tool to check if an account was breached. It can be found here.