The cost of free: More than one million Google Android devices hit by malware

“More than one million Google accounts have been breached by malware that infiltrated older Android devices, cyber security firm Check Point Software Technologies Ltd. announced Wednesday,” Shanika Gunaratna reports for CBS News.

“The researchers traced the malware back to dozens of what they called ‘legitimate-looking’ apps — with names ‘Wi Fi Enhancer,’ ‘GPS,’ ‘Beautiful Alarm,’ ‘Battery Monitor,’ and even ‘Google’ — on third-party Android app stores,” Gunaratna reports. “Attackers also spread the malware via links sent in text messages to unsuspecting users, Check Point said.”

“This specific malware, nicknamed Gooligan, has been steadily infecting older versions of Android devices since August of this year; Check Point estimates that 13,000 new devices continue to be breached daily,” Gunaratna reports. “Attackers can steal users’ email addresses and authentication tokens in order to dive deeper into their extensive personal data stored across Google: Gmail, Google Photos, Google Drive, etc., Check Point said.”

Read more in the full article here.

MacDailyNews Take: The cost of free.

Anyone who values their security and privacy would be foolish to use any device that fails to sport the Apple logo [that includes, phones, tablets, smartwatches, Wi-Fi routers, etcetera].MacDailyNews, March 22, 2016

Secret backdoor in U.S. Android phones sent location, text, contact data to China – November 15, 2016
Google to pay $5.5 million for sneaking around Apple’s privacy settings to collect user data – August 31, 2016
Cybersecurity researchers: Fitness trackers vulnerable to tracking, privacy breaches – but not Apple Watch – February 2, 2016
EFF files complaint asking for federal investigation; says Google broke privacy pledge, tracked students – December 1, 2015
Tim Cook gets privacy and encryption: We shouldn’t surrender them to Google – June 4, 2015
Apple CEO Tim Cook champions privacy, blasts ‘so-called free services’ – June 3, 2015
How Google aims to delve deeper into users’ lives – May 29, 2015
Apple CEO Cook: Unlike some other companies, Apple won’t invade your right to privacy – March 2, 2015
Edward Snowden’s privacy tips: ‘Get rid of Dropbox,” avoid Facebook and Google – October 13, 2014
Apple CEO Tim Cook ups privacy to new level, takes direct swipe at Google – September 18, 2014
U.S. NSA watching, tracking phone users with Google Maps – January 28, 2014
U.S. NSA secretly infiltrated Yahoo, Google data centers worldwide, Snowden documents say – October 30, 2013
Google has already inserted some U.S. NSA code into Android – July 10, 2013
Court rules NSA doesn’t have to reveal its semi-secret relationship with Google – May 22, 2013
Google Street View cars grabbed locations of cellphones, computers – July 26, 2011
Consumer Watchdog calls for probe of Google’s inappropriate relationship with Obama administration – January 25, 2011
Wired: Google, CIA Invest in ‘future’ of Web monitoring – July 29, 2010
37 states join probe into Google’s questionable Wi-Fi data collection – July 22, 2010
Google Street View Wi-Fi data included passwords and email – June 18, 2010


    1. Some people know the price of everything but the value of nothing. If you adjust for security, privacy, performance, and other qualitative factors, the Apple iPhone represents real value. The so-called “poor” are getting totally screwed by buying Android, yet they are targeted with a perfect selling scam. Sad. There ought to be a law. And as for the tech press: the lights are on but nobody’s home.

      1. With all the Apple is DOOMED mocking birds running around….. Where the Fck are all the Google is doomed articles? Gooligan is running amuck across multiple versions of Gaagle’s 90% “Market Share”. pff.. what a fckin’ JOKE.

        But once downloaded, Gooligan determines which Android phone it’s infected and launches the appropriate exploits to “root” the device – i.e. take complete control over it. To do that, the attackers have used long-known vulnerabilities, such as VROOT and Towelroot, on devices running Android 4 through 5, including Jelly Bean, KitKat and Lollipop. Together, those operating systems account for 74 per cent of Android devices in use today, totalling around 1.03 billion. Most infections (40 per cent) are in Asia, though 19 per cent are in the Americas, most of which are in North America, Shaulov said. Another 12 per cent are based in Europe.

        Articles like these makes Steve Jobs and Apple’s stance on users PRIVACY & SECURITY even more profound.

        Only poor fools & bozos reward thieves whilst paying to be bent over and taking it hard in the ass with Android. Stupid is as stupid does.

  1. Slightly off topic but is any other iOS user out there being spammed with calendar invites?

    I’ve had a flurry over the last few weeks… The only way to make sure they don’t know your address is active is to create a new calendar, save (but don’t accept) the spam invite then delete the calendar.

    Very annoying, very clunky.

  2. Hmmm… for all the hundreds of millions of android devices out there, 1 million is a tiny fraction. Kristi because this malware only affects older android devices and many users have switched to newer ones?

    1. Oh, OK! You’ll enjoy this one a lot more then:

      This article covers Shedun/HummingBad malware discovered a year ago. The article is from July of this year and indicates the estimated number of Android phones infected at that time, and counting…

      10 million Android phones infected by all-powerful auto-rooting apps
      First detected in November, Shedun/HummingBad infections are surging.

      The malware uses a variety of methods to infect devices. One involves drive-by downloads, possibly on booby-trapped porn sites. The attacks use multiple exploits in an attempt to gain root access on a device. When rooting fails, a second component delivers a fake system update notification in hopes of tricking users into granting HummingBad system-level permissions. Whether or not rooting succeeds, HummingBad downloads a large number of apps. In some cases, malicious components are dynamically downloaded onto a device after an infected app is installed.

      From there, infected phones display illegitimate ads and install fraudulent apps after certain events, such as rebooting, the screen turning on or off, a detection that the user is present, or a change in Internet connectivity. HummingBad also has the ability to inject code into Google Play to tamper with its ratings and statistics. It does this by using infected devices to imitate clicks on the install, buy, and accept buttons. . . .

      The malware roots most of the phones it infects, a process that subverts key security mechanisms built into Android.

      Another Android Catastrophe™. There has been at least one major Android security/malware FAIL every month of 2016. Enjoy. (0_o)

  3. The best I can say about this latest monthly Android Catastrophe ™ is that at least Google was on their toes this time and kept the 86+ Gooligan (Ghost Push.B) Trojan apps out of the Google Play Store. Google is also using a service called Verify Apps to scan for Googligan/Ghost Push malware and warn victims and prevent installation of the malware. That’s a big step up from Google’s previous, ahem, laziness.

    Android users who have downloaded apps from third-party markets can visit the Check Point blog post for a list of the 86 apps known to contain Gooligan. Alternatively, users can visit this link to see if the Google account associated with their device has been compromised. Infected phones can only be disinfected by reflashing them with a clean installation of Android. Passwords for the associated Google account should be changed immediately afterward.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.