ANDROID USERS are being assailed by a new variant of the Ghost Push malware, with the claim today that more than one million devices have been compromised in a new campaign - dubbed Gooligan by the researchers at Check Point Software.
According to Check Point, the users of 13,000 Android devices are falling victim to the malware every day, which purloins email addresses and authentication tokens stored on the devices.
Using this information, the attackers can then access user data from Gmail, Google Docs and Google Play accounts, as well as all those embarrassing selfies stored in Google Photos.
It also generates cash for the criminals by fraudulently installing apps from Google Play and rating them on behalf of the victim.
The malware is now installing at least 30,000 apps on compromised devices every day, and has installed more than two million since the campaign began. We presume the campaign started slowly as Check Point claim to have first caught sight of the malware in August last year.
"We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them," warned Check Point Software's head of mobile products, Michael Shaulov.
If you're packing the latest version of Android there's no need to worry, according to Shaulov: Gooligan only targets devices on Android 4 (Jelly Bean and KitKat) and 5 (Lollipop), although that still represents almost three-quarters of all Android devices in use today.
Google's security team has duly tugged its forelock in Check Point's general direction, with Adrian Ludwig, Google's director of Android security, thanking the company most profusely for its assistance.
"As part of our ongoing efforts to protect users from the Ghost Push family of malware, we've taken numerous steps to protect our users and improve the security of the Android ecosystem overall," grovelled Ludwig.
Google has sought to identify and contact affected users, revoke their authentication tokens and to remove apps associated with the Ghost Push malware family being punted in the Google Play emporium.
Check Point Software, in its infinite munificence, has also provided a free online tool* to check whether a device has been breached by the malware - which would be highly advised if you've seen some of your saucier selfies turn up on < ahem> certain other websites out there... µ
* which wasn't working when we tried it out this afternoon
What could possibly go wrong...
Committee clams firm failed to implement 'adequate security'
Meme Ban means Meme Ban
It's anonymous data at first but the NYT figured out how to make it personal