1 million Google accounts infected by Android malware called Gooligan. Original article by Check Point
Image from blog.checkpoint.com
How do you know if your Google account is breached?
You can check if your account is compromised by accessing the following web site that Check Point created: https://gooligan.checkpoint.com/.
If your account has been breached, the following steps are required:
- A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.”
- Change your Google account passwords immediately after this process.
How do Android devices become infected?
Check Point found traces of the Gooligan malware code in dozens of legitimate-looking apps on third-party Android app stores. These stores are an attractive alternative to Google Play because many of their apps are free, or offer free versions of paid apps. However, the security of these stores and the apps they sell aren’t always verified. Gooligan-infected apps can also be installed using phishing scams where attackers broadcast links to infected apps to unsuspecting users via SMS or other messaging services.
What can nonprofits do to lessen the chances of becoming the next cyber security victim?
- Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
- Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
- Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers.
We suggest reading: FBI Issues Public Service Announcement on Ransomware