This week, researchers at Check Point Software Technologies alerted the world to the existence of malware found in a least 86 Android third-party apps.
The malware, dubbed Gooligan, is a more aggressive variant of the Ghost Push malware, found in September 2015. It operates on Android 4 and 5 (Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop) and gains highly privileged systems access via a process known as rooting.
If the rooting is successful, attackers can control the device and then install software that steals authentication tokens. These tokens allow devices to access Google-related accounts without the user entering a password. This means that data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive is then accessible to the attacker.
The researchers say that this malware has compromised more than a million Google accounts, most of which seem to be located in Asia.
If you’re concerned that your account may be affected, visit https://gooligan.checkpoint.com/ to check and see. You can also read the original blog post, to see if you have downloaded any of the known malware-containing apps.
If you’re thus far unaffected, ensure that your security is maintained as you go forward. This sort of malware is found primarily in third-party apps from non-Google app stores, which are often cheaper than Google Play Store apps, or even free. However, free apps often compromise your security; after all, something has to pay for the app, and it might just be that you’re paying with your identity or data.
Avoid third-party app stores, and invest some time and research into how best to protect yourself, and your device, when you download new apps.
Your security is precious; don’t throw it away.