back to article Android-rooting Gooligan malware infects 1 million devices

A new strain of Android malware is infecting an estimated 13,000 devices per day. The Gooligan malware roots Android devices before stealing email addresses and authentication tokens stored on them. The tokens create a means for hackers to access users' sensitive data from Gmail accounts, security researchers at Check Point …

  1. Mage Silver badge

    Social Attacks

    Gooligan spreads when victims download and install an infected app. Crooks are slinging the malware by tricking victims into following malicious links in phishing messages.

    Same as any platform then :( Lack of user good practices is the ultimate flaw in all security.

    1. Anonymous Coward
      Anonymous Coward

      better article than most

      At least they bothered to state the OS affected. I hate those articles that drone on about how widespread a malware is, and don't bother to mention the OS it targets. Of course, I'm not counting the ones that mention filenames.... Win32this and Win32that.

    2. Khaptain Silver badge

      Re: Social Attacks

      Gooligan spreads when victims download and install an infected app. Crooks are slinging the malware by tricking victims into following malicious links in phishing messages.

      What's amazing is that 13000 people per day are falling for this kind of phishing scam.. Are there really that many people installing apps on a daily basis and falling for a "Click on this to win a million or whatever". Those figures seems incredibly high... ( Yes, I know that there are a lot of stupid people but honestly 13000 per day is a hell of a lot)

      1. Anonymous Coward
        Anonymous Coward

        Re: Social Attacks

        What's amazing is that 13000 people per day are falling for this kind of phishing scam

        There is an old saying - there is one born every minute. And they all seem to want to prove it!

        Seriously however, a lot of these problems would go away if people just spent a minute thinking, instead of indulging in knee-jerk reactions.

        1. Anonymous Coward
          Anonymous Coward

          Re: Social Attacks

          Seriously however, a lot of these problems would go away if people just spent a minute thinking, instead of indulging in knee-jerk reactions.

          Since they have to either be using third party app stores already against every recommendation from reputable publications, or follow a list of instructions to enable installation from unknown sources (which in turn triggers dire warnings from the OS), I would say that anybody infected by this has to have spent considerably more than a minute thinking about it. Crap decision making certainly, but they are thinking about it.

        2. i1ya

          Re: Social Attacks

          Well, first reaction is to blame the users. But I need to state that, given the ease of use and cheapness of Android phones, there is good number of people who have their smartphones as *first* personal computing device in life. Including both illiterate kids and not very computer-savvy older people. Remember circa 97' web that had banners stylized as Windows system dalogs with "Your computer is infected" text? And back then we had neither bandwidth nor simplicity of applications' installation. Now, thanks for app store and user-friendliness, it takes two taps to install stuff, including malware, in fast and convenient way. If Google made the platform so popular and cheap and easy-to-extend, it's their direct responsibility to provide users of app store with better level of security. Also, why not to write "Warning! Some apps may contain malware and steal your data" on every store page, as tabacco manufacturers do?

      2. Ben Rose
        Megaphone

        Re: Social Attacks

        52% of people voted for Brexit. Then add on the Trump voters. Lots of stupid people out there.

        1. inmypjs Silver badge

          Re: Social Attacks

          "52% of people voted for Brexit. Then add on the Trump voters. Lots of stupid people out there."

          So that would be about 48% of them over here. Stupid and endlessly remoaning.

        2. Gavin Ayling

          Re: Social Attacks

          Brexit is a legitimate alternative to a political supranational organization - it does not compare with vaccine-denial...

      3. inmypjs Silver badge

        Re: Social Attacks

        "What's amazing is that 13000 people per day are falling for this kind of phishing scam."

        Considering global smartphones sold in the last 8 years it is about 1 in 115,000 smartphones infected per day. Ok worse because a lot of those will already be scrap, but, say finding 1 idiot a day in 30,000 people is so amazing?

        1. lglethal Silver badge

          Re: Social Attacks

          "finding 1 idiot a day in 30,000 people is so amazing?"

          1 idiot, in 30,000 who happens to have installed the same program, NOT from the Google Play store, on there phone which get them infected. Yes I would call that amazing.

          I cant really believe the figures. Maybe a Peak of 13k in 1 day, but every day. Nope that seems massively overestimated...

          1. Anonymous Coward
            Stop

            Re: Social Attacks

            So the fix is to use Googles walled garden? The thing many Android users have a habit of deriding Apple uses over?

            Installing from 1 single source is not a fix, it's a workaround.

      4. Gavin Ayling

        Re: Social Attacks

        A disease is considered rare if 50,000 people contract it per year in the USA. So 13,000 people per day is only 300 times that, in a world with only 4.4% of the world's population living in the US. In other words, people unfortunate enough to click malicious links are only about ten times more common than a 'rare' disease...

  2. Chris G Silver badge

    Capitalism at it's best/worst

    The commercialisation and subsequent profit from stupiity.

  3. Anonymous Coward
    Devil

    Ratings hacks

    Well well, the day has finally arrived when people spread malware just to give good ratings to (malware-infested) apps. I admit to anticipating this in cynical moments but it's still a delightful surprise. Whoever's doing this, fuck you, fuck google, fuck all rating systems, thanks for the lulz.

  4. HildyJ
    Facepalm

    It's infecting 13,000 obsolete phones owned by gullible people each day. Meanwhile, about 1,500,000 Android phones which are immune to the attack are sold each day. Next we'll learn that giving your bank account information to someone who promises to transfer millions into it is a bad idea.

  5. Anonymous Coward
    Anonymous Coward

    How convenient

    Several key points glossed over.

    This is outside of Google play, so the devices (if this number is true, which I doubt, coming from checkpoint) have all had device security intentionally disabled.

    Google have patched KitKat and Lollipop, so it's not really their problem, if your device is susceptible, then it's because you bought a cheap phone and your manufacturer doesn't care about you anymore.

    Lastly, how did checkpoint come up with that number. Details please. As until they do, its got all the hallmarks of classic checkpoint clickbait

    1. Anonymous Coward
      FAIL

      Re: How convenient

      "Google have patched KitKat and Lollipop, so it's not really their problem,"

      I own a HP laptop.

      MS release patches on a monthly basis.

      So do I need to rely on HP to get it onto my laptop?

      It was a shit design from day one that they have only relatively recently started addressing.

      1. Anonymous Coward
        Anonymous Coward

        Re: How convenient

        >I own a HP laptop.

        >MS release patches on a monthly basis.

        >So do I need to rely on HP to get it onto my laptop?

        I own an HP Slate Tablet...

        Google release patches on a monthly basis

        HP messed with around with the source and use proprietary drivers, I so have to rely on them to get it onto my tablet.

    2. Anonymous Coward
      Anonymous Coward

      Re: How convenient

      > This is outside of Google play, so the devices ... have all had device security intentionally disabled.

      The option to "only install apps from walled garden" hardly constitutes "security", given the profusion of malware apps in said walled garden. Furthermore, I've seen new android phones with that option flipped to "do install 3rd party APKs".

  6. wayne 8

    Why you not name the app?

    The name of the app would help.

    I trust Checkpoint like I do Google.

  7. jayc

    Rooted Android

    I for one, might be among the few that celebrate as a result of infection, primarily because it claims to Root the infected device(!)

    After multiple attempts using tried and tested methods - and by using 'Official' Rooting Apps, there has so far been nothing that will root my (t)rusty ol' Motorola smartphone with Intel processor, running Android 4.4.2

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019