Some Google Accounts Hit by Malicious Android Apps -- 2nd Update
November 30 2016 - 3:09PM
Dow Jones News
By Robert McMillan
Malicious software disguised as legitimate apps for Android
smartphones and tablets has seized control of more than one million
Google accounts since August, according to research from security
firm Check Point Software Technologies Ltd.
The apps had innocent-sounding names, such as StopWatch, Perfect
Cleaner and Wi-Fi Enhancer. But they exploited known flaws in older
versions of the Android operating system to take control of devices
and install other apps and ad-spewing software without permission.
Some of the unauthorized apps also used the victim's username and
password to post fake reviews.
The malicious Trojan-horse software known as Gooligan was found
in 86 fraudulent apps and has been infecting about 13,000 Android
devices a day, Check Point said. The Gooligan apps come from
third-party app stores rather than Google's authorized Play store,
but some apps downloaded without authorization can be found on
Play, Check Point said.
Users whose devices have been infected see pop-up ads and
unwanted software, said the Israel-based security firm.
Gooligan is a variant of malicious software known as Ghost Push,
which has been giving Android users headaches for two years.
Google, a unit of Alphabet Inc., last year tracked more than 40,000
Ghost Push apps.
"We appreciate Check Point's partnership as we've worked
together to understand and take action on these issues," a Google
spokesman said.
Check Point researchers shared their findings with Google and
worked closely with the company to develop techniques to fix
infected devices, a Check Point spokeswoman said. "We continue to
work with Google today to discover who or what group is responsible
for the Gooligan campaign," she said.
Google said it has removed apps associated with Ghost Push from
Google Play. It has also taken steps disrupt the servers used by
the malware's creators and to secure Google accounts compromised by
the malicious software.
Although the free apps offered by alternative stores can be
enticing, they come with risks, Google said. In a Google+ post, the
company urged users to download only from the Play store.
Devices at risk from the Gooligan software are those using
Android 4 (the versions nicknamed Jelly Bean or KitKat), initially
released in 2012, or Android 5 (Lollipop), released in 2014, Check
Point said.
Users wondering if their devices have been compromised can visit
Check Point's site for a mobile-phone checkup and to learn
more.
Gooligan preys on an increasingly serious Android problem: Users
don't update their operating systems, leaving their smartphones and
tablets vulnerable to attacks that exploit known software bugs.
Android's overall security "hasn't measurably improved" since
2012, said Dave Aitel, chief executive of cybersecurity firm
Immunity Inc. "It's been a long time since everybody has been
telling Google that they have a serious problem with the ecosystem
and lack of updates."
Because control over software updates lies in the hands of
users, carriers, and phone manufacturers, there is no single entity
that can mandate a widespread software update, he said.
According to Google, 73% of Android users are on the Jelly Bean,
KitKat or Lollipop Android releases. Fewer than 25% are on newer
Android versions, including Marshmallow, released last year, or
Nougat, released this year.
Although the malicious software has infected more than one
million Google accounts, that's a small percentage of the more than
1.4 billion devices that run on Android software.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
November 30, 2016 14:54 ET (19:54 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Apr 2024 to May 2024
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From May 2023 to May 2024