More Than 1 Million Google Accounts Breached by Gooligan, New Android Malware Variant
November 30 2016 - 09:00AM
Check Point® Software Technologies Ltd. (NASDAQ:CHKP) today
announced its security researchers have revealed a new variant of
Android malware, breaching the security of more than one million
Google accounts. The new malware campaign, named Gooligan, roots
Android devices and steals email addresses and authentication
tokens stored on them. With this information, attackers can access
users’ sensitive data from Gmail, Google Photos, Google Docs,
Google Play, Google Drive, and G Suite.
“This theft of over a million Google account
details is very alarming and represents the next stage of
cyber-attacks,” said Michael Shaulov, Check Point’s head of mobile
products. “We are seeing a shift in the strategy of hackers, who
are now targeting mobile devices in order to obtain the sensitive
information that is stored on them.”
Key Findings:
- Campaign infects 13,000 devices each day and
is the first to root over a million devices.
- Hundreds of the email addresses are associated with enterprise
accounts worldwide.
- Gooligan targets devices on Android 4 (Jelly Bean, KitKat) and
5 (Lollipop), which represent nearly 74% of Android devices
in use today.
- After attackers gain control over the device, they generate
revenue by fraudulently installing apps from Google Play and rating
them on behalf of the victim.
- Every day Gooligan installs at least 30,000
apps on breached devices, or over 2 million apps since the
campaign began.
Check Point reached out to the Google security team immediately
with information on this campaign. “We appreciate Check Point's
partnership as we’ve worked together to understand and take action
on these issues. As part of our ongoing efforts to protect users
from the Ghost Push family of malware, we’ve taken numerous steps
to protect our users and improve the security of the Android
ecosystem overall,” stated Adrian Ludwig, Google’s director of
Android security. Among other actions, Google has contacted
affected users and revoked their tokens, removed apps associated
with the Ghost Push family from Google Play, and added new
protections to its Verify Apps technology.
Check Point’s Mobile Research Team first
encountered Gooligan’s code in the malicious SnapPea app last year.
In August 2016, the malware reappeared with a new variant and has
since infected at least 13,000 devices per day. About 57% of these
devices are located in Asia and about 9% are in Europe. Hundreds of
the exposed email addresses are associated with enterprises around
the world. The infection begins when a user downloads and installs
a Gooligan-infected app on a vulnerable Android device, or clicks
on a malicious link in a phishing message.
Check Point is offering a free online tool that
allows users to check if their account has been breached. “If your
account has been breached, a clean installation of an operating
system on your mobile device is required. This complex process is
called flashing, and we recommend powering off your device, and
approaching a certified technician or your mobile service provider,
to re-flash your device,” added Shaulov.
Follow Check Point via:
Check Point Blog: http://blog.checkpoint.com/
Twitter: http://www.twitter.com/checkpointsw
Facebook: http://www.facebook.com/checkpointsoftware
YouTube: http://www.youtube.com/user/CPGlobal
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd.
(www.checkpoint.com) is the largest network cyber security vendor
globally, providing industry-leading solutions and protecting
customers from cyberattacks with an unmatched catch rate of malware
and other types of threats. Check Point offers a complete security
architecture defending enterprises – from networks to mobile
devices – in addition to the most comprehensive and intuitive
security management. Check Point protects over 100,000
organizations of all sizes.
INVESTOR CONTACT:
Kip E. Meintzer
Check Point Software Technologies
+1.650.628.2040
ir@checkpoint.com
MEDIA CONTACT:
Ali Donzanti
Check Point Software Technologies
+1.650.628.2424
press@checkpoint.com