Malware scares are fairly common at this point, but a new concern has popped up that deserves some attention. Check Point, the security research team that has uncovered a lot of this stuff as of late, has discovered a new form of malware that they’re calling Gooligan.
Gooligan is based on the Ghost Push malware that came into prominence last year, where the malware installs a rootkit on the user’s phone and uses API tricks to hide itself from malware-busting checks. This time around, Gooligan has taken on a form that lets it intercept Google account tokens from Google apps, which it then uses to inject code into Google Play Services to secretly download fraudulent apps.
It’s said that over 1 million Google accounts have been affected by this issue, but before you freak out, let’s consider a few things:
For those potentially affected, Google says they’ve already taken precautionary and reactionary measures, including revoking account tokens for those affected and using Verified Boot on newer platforms to ensure no illegal modifications have been made to the system partition. Beyond that, Google says they’re continuing to work with device manufacturers and service providers to keep as many devices updated as they can, so that users are shielded from these sorts of attacks, as part of their ongoing effort to strengthen internet security.