Gooligan – be careful what apps you install

Related Articles

How to make your business website more visitor-friendly

November 20, 2024

Safeguarding digital assets: A comprehensive guide to vulnerability management

October 19, 2024

Legacy of Kain: Soul Reaver 1 and 2 Remastered announced for modern platforms, to launch Dec 2024

October 18, 2024

If you are still using the versions of Android called Ice Cream Sandwich, Jelly Bean, KitKat or Lollipop, this may be a good time to seriously think about upgrading. Gooligan is a very aggressive piece of malware (software which is specifically designed to disrupt or damage a computer system) that has already infected one million Google accounts. Seventy four percent of Android users fall within this category of users.

Popular apps were released on a phased basis that depended on which country you lived. As a result, a lot of people resorted to downloading an Android application package (APK) from third party apps or torrent sites. These give you the freedom of having the latest and best apps before anyone else, and also the premium version of an app absolutely free.

However, some of these downloads were in fact infected. After you download Gooligan , “it calls home”. This is where it gets technical,  Gooligan then downloads a rootkit from its command server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the command server has full control of the device and can execute privileged commands remotely.

Once installed, Gooligan will try to steal authentication tokens from a user’s Google accounts, which allow it to access accounts without a password. Gooligan then downloads more infected apps and writes fake 5 star reviews in the Play Store on your behalf. The servers will not be able to tell the difference between you or Gooligan. Finally Gooligan will try to steal your personal data, passwords etc.

All is not lost, the first option and the most drastic is of course to simply upgrade to an Android 6 or 7 device. If funds are tight at the moment Just only download apps from the Play Store, and ensure that your device’s permission to download apps outside the Play Store is off. Google Play has a service known as Verify App will stop the installation of Gooligan and warn the user about the threat. There are also Gooligan checkers available on the Play Store so that you can check to see if your device has been infected.

So far it seems as though the threat is mostly concentrated in Asia where 570,000 accounts were infected, followed by the Americas with 190,000, Africa with 150,000 and Europe with 90,000. As of the time of this article officials at Google say that no data has been stolen from personal accounts.

So it seems as though there are really no shortcuts. In the future we all have to use caution while using our devices, be it when checking emails, or downloading the next popular app. Only download from the Play Store and be safe out there.

You may also like Increasing your phone’s battery life

Versions of Android

Android 1.6. Donut

Android 2.1. Eclair

Android 2.2. Froyo

Android 2.3. Gingerbread

Android 3.0. Honeycomb

Android 4.0. Ice Cream Sandwich

Android 4.1. Jelly Bean

Android 4.4. KitKat

Android 5.0 Lollipop

Android 6.0 Marshmallow

Android 7.0 Nougat

December 2016   www.sweettntmagazine.com

Outdoor learning for the family