More than one million Google accounts are infected by a malware Gooligan Trojan Horse, according to Check Point Software Technologies. The security research team at the company has estimated that more than 13,000 of mobile phones are getting hit by the malware every day.
In Asia, around 57% of the devices are affected. While around 19% of the phone are affected in the U.S., 15% of smartphones are affected in Africa, and 9% are affected in Europe. The malware is primarily attacking the smartphones running on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop) operating systems.
The malware seems to have downloaded into the smartphones via the apps downloaded from third-party Android app stores and also via the links in phishing attack messages. Once installed, it breaks into the Google account of the user and gains access to Google Photos, Google Play, Google Drive, Google Docs, Gmail, and GSuite. It then proceeds to install apps from Google Play on the smartphone and provide fraudulent reviews and ratings for the apps.
In an interview given to Forbes, the Head of Mobile and Cloud security of Check Point Michael Shaulov has said that this attack is a part of an advertising fraud scheme.
In a response given to Check Point, Adrian Ludwig, Google’s director of Android security said, “We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
Check Point has created a website where users can check if their smartphone is affected. According to Check Point, Gooligan Trojan Horse is not a new malware. It was earlier found in SnapPea app in 2015 and belongs to malware families like Ghostpush, MonkeyTest, and Xinyinhe. The new Gooligan Trojan Horse malware attack is said to be the largest Google account breach to date.