More than 1 mil­lion Google ac­counts hit by ma­li­cious apps

The Denver Post - - BUSINESS - By Dow Jones Newswires

Ma­li­cious soft­ware dis­guised as le­git­i­mate apps for An­droid smart­phones and tablets has seized con­trol of more than a mil­lion Google ac­counts since Au­gust, ac­cord­ing to re­search from se­cu­rity firm Check Point Soft­ware Tech­nolo­gies Ltd.

The apps had in­no­cent-sound­ing names, such as Stop­Watch, Per­fect Cleaner and Wi-Fi En­hancer. But they ex­ploited known flaws in older ver­sions of the An­droid op­er­at­ing sys­tem to take con­trol of de­vices and in­stall other apps and ad-spew­ing soft­ware with­out per­mis­sion.

The ma­li­cious Tro­jan-horse soft­ware known as Gooli­gan was found in 86 fraud­u­lent apps and has been in­fect­ing about 13,000 An­droid de­vices a day, Check Point said. The Gooli­gan apps come from third­party app stores rather than Google’s au­tho­rized Play store, but some apps down­loaded with­out au­tho­riza­tion can be found on Play, Check Point said.

Users whose de­vices have been in­fected see pop-up ads and un­wanted soft­ware, said the Is­rael-based se­cu­rity firm.

Gooli­gan is a vari­ant of ma­li­cious soft­ware known as Ghost Push, which has been giv­ing An­droid users headaches for two years. Google last year tracked more than 40,000 Ghost Push apps.

Gooli­gan preys on an in­creas­ingly se­ri­ous An­droid prob­lem: Users don’t up­date their op­er­at­ing sys­tems, leav­ing their smart­phones and tablets vul­ner­a­ble to at­tacks that ex­ploit known soft­ware bugs.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.