Â
|
|
Quote: |
A new variant of Android malware is responsible for what’s believed to be the biggest single theft of Google accounts on record. The so-called Gooligan strain has infected as many as 1.3 million Android phones since August, completely prizing the devices open and stealing the tokens users are given to verify they are authorized to access their accounts. It’s main aim, though, is not to pilfer all that juicy data in Gmail or Docs, but to force users into downloading apps as part of a huge advertising fraud scheme, making as much as $320,000 a month. And Gooligan is spreading at an alarming rate: since the start of this month, it’s been racking up an average of 13,000 new infections every day, according to researchers from Check Point. The malicious software first gains a foothold on devices when users visit a website and download a third-party app. Michael Shaulov, head of mobile and sloud Security Check Point, said that might be a porn site, or a third-party app store, where visitors are encouraged to download software to get access to content. But once downloaded, Gooligan determines which Android phone it’s infected and launches the appropriate exploits to “root” the device – i.e. take complete control over it. To do that, the attackers have used long-known vulnerabilities, such as VROOT and Towelroot, on devices running Android 4 through 5, including Jelly Bean, KitKat and Lollipop. Together, those operating systems account for 74 per cent of Android devices in use today, totalling around 1.03 billion. Most infections (40 per cent) are in Asia, though 19 per cent are in the Americas, most of which are in North America, Shaulov said. Another 12 per cent are based in Europe. |
It's inevitable. The cloud, the passwords, the marketing tracking software's, etc. It all adds up to too much available information which is only secure for a short while.
Nobody is safe.
More like user stupidity. The only people affected are the ones who download these third party apps from .
Just recently got a Google Pixel, which cuts out the middlemen -- you get updates directly from Google.
It's inevitable. The cloud, the passwords, the marketing tracking software's, etc. It all adds up to too much available information which is only secure for a short while.
Nobody is safe.