The branch of malware known as Ghost Push now has a new component, Gooligan, and it certainly lives up to its name. In late November 2016, Google was struck by an attack that infected over one million Android users, with over 13,000 additional devices adding to that total on a daily basis.
Gooligan is able to steal the authentication tokens that are required to access data contained in many of Google’s popular offerings, including Drive, Docs, Gmail, and the G Suite.
However, it would seem that, instead of extracting personally identifiable information, the culprits have elected to install malicious Google Play apps to generate fraudulent ad revenue. Reports have said that this modus operandi nets the attackers about $320,000 every month, and that Gooligan may be the biggest recorded breach of Android devices, ever.
This makes it all the more fortunate that Gooligan has, as of yet, shown no signs of stealing any of the data it could potentially have accessed. Google has even gone on record with its belief that “The motivation… is to promote apps, not steal information.”
While Google has since removed the apps that include Gooligan from the Play Store, there could potentially be countless more similar threats lying in wait for their next victim. This means that, should your employees be able to access the Play Store on their work devices, your business could be a potential victim.
Therefore, every member of a business should be informed of the seriousness of clicking around mindlessly when using a business device. Institute a policy of only allowing business-related apps on company devices, and require any BYOD devices to be thoroughly vetted by IT.