More than 1 million Google accounts hit by malicious apps
Malicious software disguised as legitimate apps for Android smartphones and tablets has seized control of more than a million Google accounts since August, according to research from security firm Check Point Software Technologies Ltd.
The apps had innocent-sounding names, such as StopWatch, Perfect Cleaner and Wi-Fi Enhancer. But they exploited known flaws in older versions of the Android operating system to take control of devices and install other apps and ad-spewing software without permission.
The malicious Trojan-horse software known as Gooligan was found in 86 fraudulent apps and has been infecting about 13,000 Android devices a day, Check Point said. The Gooligan apps come from thirdparty app stores rather than Google’s authorized Play store, but some apps downloaded without authorization can be found on Play, Check Point said.
Users whose devices have been infected see pop-up ads and unwanted software, said the Israel-based security firm.
Gooligan is a variant of malicious software known as Ghost Push, which has been giving Android users headaches for two years. Google last year tracked more than 40,000 Ghost Push apps.
Gooligan preys on an increasingly serious Android problem: Users don’t update their operating systems, leaving their smartphones and tablets vulnerable to attacks that exploit known software bugs.