Archived Thread

NFT: FYI, largest hack of Google accounts happened recently

Moondawg : 11/30/2016 11:14 am

Quote:

A new variant of Android malware is responsible for what’s believed to be the biggest single theft of Google accounts on record. The so-called Gooligan strain has infected as many as 1.3 million Android phones since August, completely prizing the devices open and stealing the tokens users are given to verify they are authorized to access their accounts. It’s main aim, though, is not to pilfer all that juicy data in Gmail or Docs, but to force users into downloading apps as part of a huge advertising fraud scheme, making as much as $320,000 a month.

And Gooligan is spreading at an alarming rate: since the start of this month, it’s been racking up an average of 13,000 new infections every day, according to researchers from Check Point. The malicious software first gains a foothold on devices when users visit a website and download a third-party app. Michael Shaulov, head of mobile and sloud Security Check Point, said that might be a porn site, or a third-party app store, where visitors are encouraged to download software to get access to content.

But once downloaded, Gooligan determines which Android phone it’s infected and launches the appropriate exploits to “root” the device – i.e. take complete control over it. To do that, the attackers have used long-known vulnerabilities, such as VROOT and Towelroot, on devices running Android 4 through 5, including Jelly Bean, KitKat and Lollipop. Together, those operating systems account for 74 per cent of Android devices in use today, totalling around 1.03 billion. Most infections (40 per cent) are in Asia, though 19 per cent are in the Americas, most of which are in North America, Shaulov said. Another 12 per cent are based in Europe.

Link - ( New Window )

Each and everyone of us Â

Giants2012 : 11/30/2016 11:21 am : link

will have our identity stolen and abused at some point.

It's inevitable. The cloud, the passwords, the marketing tracking software's, etc. It all adds up to too much available information which is only secure for a short while.

Nobody is safe.

Yeah, it's scary out there and getting scarier Â

Giantology : 11/30/2016 11:51 am : link

Starting to get my ducks in a row - two factor authentication, removing saved CCs from shopping sites, etc. No silver bullet but anything you can do, you should do it...

It's not really a hack Â

BH28 : 11/30/2016 11:53 am : link

when you have to physically download an app from a third party site for it work. Anyone who doesn't download the malware is not at risk.

More like user stupidity. The only people affected are the ones who download these third party apps from .

This vulnerability was fixed in Android over a year ago Â

Jim in Fairfax : 12/1/2016 11:49 am : link

The problem is most people don't get updates. You are generally beholden to the phone maker and your service provider to get the updates to you. And they have no incentive to spend the money and effort to do it.

Just recently got a Google Pixel, which cuts out the middlemen -- you get updates directly from Google.

RE: Each and everyone of us Â

Joey in VA : 12/1/2016 12:06 pm : link

In comment 13241106 Giants2012 said:

Quote:

Sweet Jesus, relax.

I never use the cloud Â

PatersonPlank : 12/1/2016 12:15 pm : link

Hate it.

. Â

Vin R : 12/1/2016 12:18 pm : link

So if you go to sketchy sites Â

GmanND : 12/1/2016 1:36 pm : link

and do sketchy things bad stuff could happen? What next. How about don't be stupid. That's a great deterrent to most any threat.