Researchers say they’ve uncovered a family of Android-based malware that has compromised more than 1 million Google accounts, hundreds of them associated with enterprise users.
Gooligan, as researchers from security firm Check Point Software Technologies have dubbed the malware, has been found in at least 86 apps available in third-party marketplaces. Once installed, it uses a process known as rooting to gain highly privileged system access to devices running version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and version 5 (Lollipop) of Google’s Android operating system. Together, the vulnerable versions account for about 74 percent of users.
The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite. In a blog post published Wednesday morning, Check Point researchers wrote: