In what is being called the largest Google account breach to date, more than a million Android users are at risk from malware called Gooligan, which gives hackers the ability to root their devices remotely.
Researchers from Check Point say they have stumbled upon this family of Android-based malware, which has been found in at least 86 apps available in third-party marketplaces. It can remotely root Android devices running any Ice Cream Sandwich, Jelly Bean, KitKat or Lollipop variant, gaining privileged system access. Devices running these versions currently account for nearly 74% of all Android users.
The malware has been affecting Android devices since August this year and the number continues to rise with an additional 13,000 breaches estimated each day. Gooligan is an aggressive variant of Ghost Push, a piece of Android malware that came to light in September 2015.
The researchers have already made Google aware of the malware and Google's director of Android security Adrian Ludwig responded saying: "We're appreciative of both Check Point's research and their partnership as we've worked together to understand these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we've taken numerous steps to protect our users and improve the security of the Android ecosystem overall."
He added that, as of now, there is no evidence to prove that data was accessed from compromised accounts, but the company has taken strict steps to prevent this, including revoking affected users' Google Account tokens and providing them with clear instructions to sign back in securely.
The research shows that once a device is infected, rooting gives hackers the access needed to steal authentication tokens, which can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.
How to check if your account has been breached
Check Point says that, of the affected devices, more than 57% are located in Asia, making users there the most vulnerable. Nearly 19% of victims are from the American subcontinent, 15% from Africa and about 9% from Europe.
To make sure that you are not amongst the victims of this malicious campaign, click on this link. Enter your Gmail address (personal and enterprise) to check if you have been affected.
If you see a message saying your account has been breached, Check Point says the following steps are required:
- A clean installation of the OS on your mobile device is required, a process usually referred to as flashing. If you are not a tech junkie and are unfamiliar with the process, it is advisable to take your phone to a certified technician, or your mobile service provider, to complete this process for you.
- Change your Google account passwords immediately.