ALERT: Over 1,000,000 Google Accounts Hacked by Android Malware Gooligan


Image source: Check Point

If you have a Google account or an Android based device, this blog will be of great interest to you. According to a report by Check Point (a leading mobile threat prevention company:(www.checkpoint.com) security, "Gooligan" has been infecting an average of 13,000 new devices per day. The breach took place starting in August 2016. The report notes that their goal is not to steal information but to promote their apps generating fraudulent ad revenue. Infected apps are downloaded from third party sources outside of Google Play, which is why Apple and Google recommend sticking to the approved applications in their app stores. The attack is a variant of the known malware Ghost Push which had a similar goal, installing apps for fraudulent ad revenue. Ghost Push and Gooligan both affect devices that had an older Android OS than 6.0 Marshmallow. You can check your version by clicking on Settings->About Phone. 74% of the Android OS market have versions of Android older than 6.0.

There is a combined effort between Google, phone manufacturers, internet service providers, and security researchers to combat this type of breach. The bad guys outnumber the good guys in the hacking world, so it is important that you take measures to secure your personal security and your business's technology systems. Aspire Business Solutions can help.

What can you do?

Check your account using this link (https://gooligan.checkpoint.com/) to see if you are listed in the known database of breached accounts. If you are, change your passwords and disable any devices allowed to access your account. Set the devices up with your new information.

Check your account to see if you have been "pwned". In general, getting pwned, in hacker terminology, is when your email and password have been publicly released in a data breach. Use the following site (https://haveibeenpwned.com/) to see if your credentials have been published for specific web services (ex. LinkedIn, Facebook, Adobe, Google, etc). This site will tell you which online services in which your credentials have been published. Once a service provider discovers they have been pwned, they usually notify their subscribers to change their credentials. Therefore, if you followed their recommendation, you are probably safe. If you can't remember being notified by a service provider or can't remember if you changed your password, now would be a good time to login to those services listed and change your password.

Keep your phone up-to-date. The old versions of the Android operating system were the ones affected by these attacks. Updating doesn't always protect you, but it helps.

Create a new, strong password. Never reuse a password that, if stolen, gives access to personal information you wouldn't want to share or information tied to any of your accounts where your money can be accessed. Try to change your passwords at least every six months. Consider using a reputable password manager like LastPass to help you stay on top of your personal security, as well as keep track of all the passwords.

Stick to apps from the iPhone and Android app stores. This limits the possibility of getting your device infected by unapproved apps.

If you are worried about any of this, contact the professionals at Aspire Business Solutions so that we can review your personal or business technology security and help you have peace of mind that your information is secure.


Recent Posts