Researchers at the cyber security company Check Point recently discovered a new Android malware variant that can compromise the Google accounts of random users. The malware has already breached the privacy of more than a million Google account holders and continues to do so. It currently infects almost 13,000 Android devices per day. Dubbed Gooligan, the malware reaches devices through various Google Play apps. So far, 132 apps on the official Google Play market carry the malware, which enters the user’s system when any of these apps is installed. The apps belong to seven different developers, but apparently they cannot be blamed, as even the developers were unaware of its presence. Check Point has reported the issue to Google Play authorities so that they can start working to rectify it.
Affected Google Play apps steal the authentication details of the Google accounts synced to the device. With this information, the hackers can access the user’s data stored in Gmail, Google Docs, Google Photos, Google Play, and G Suite. Google officials later clarified that the malware has not affected any personal files of the users. The Android Security System has already scanned all the affected accounts and taken down the faulty apps from the Google Play store.
How the Android malware affected the devices
The root cause is not the fault of the app developers but a bug in the development platform of the malicious apps. The malware looks for HTML pages and injects malicious content towards the end of them. As a result, the Android malware was present in the development platform without the developers’ knowledge. The malicious apps mainly contain HTML iframe tags that point to two highly malicious domains. The malware has two abilities: one opens interstitial apps and the other loads the main app. The common factor in all the malicious apps is that they use the Android WebView component.
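The pattern described above, iframe tags appended near the end of the HTML pages an app bundles for its WebView, can be checked statically when triaging an app. The following Python scanner is an added example, not code from Check Point or from the original article; the asset names, the example.invalid domain and the "after </html>" heuristic are assumptions made for illustration.

```python
import io
import zipfile
from html.parser import HTMLParser


class IframeFinder(HTMLParser):
    """Collect iframe tags; note whether each one appears after </html>."""
    def __init__(self):
        super().__init__()
        self.html_closed = False
        self.found = []  # (src, is_remote, after_html_close)

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = (dict(attrs).get("src") or "").strip()
            # Remote means an absolute or protocol-relative web URL.
            remote = src.lower().startswith(("http://", "https://", "//"))
            self.found.append((src, remote, self.html_closed))

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True


def scan_apk(apk):
    """Return (asset, src, after_html_close) for each remote iframe in bundled HTML."""
    findings = []
    with zipfile.ZipFile(apk) as zf:  # an APK is a zip archive
        for name in zf.namelist():
            if name.lower().endswith((".html", ".htm")):
                finder = IframeFinder()
                finder.feed(zf.read(name).decode("utf-8", errors="replace"))
                findings += [(name, s, tail) for s, remote, tail in finder.found if remote]
    return findings


def build_sample_apk():
    # Constructed sample: a zip standing in for an APK, with two HTML assets.
    # The domain is a placeholder, not one of the domains from the report.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/help.html", "<html><body><h1>Help</h1></body></html>")
        zf.writestr("assets/index.html",
                    "<html><body><iframe src='about.html'></iframe></body></html>\n"
                    "<iframe src='http://injected.example.invalid/x'></iframe>")
    return buf


if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

A remote iframe that sits after the closing html tag is the stronger signal, since legitimate pages rarely place markup there; remote iframes elsewhere still merit a manual look at the destination.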
One of the infected HTML pages attempts to download and install a harmful Microsoft Windows executable file. The attempt fails because Android devices do not support such Windows files. This falls under the Non-Android threat category. Such HTML pages generate revenue for the hackers by installing certain apps. The malware also rates the apps on behalf of the user, all of it fraudulently. Through this process, the Android malware has installed more than 2 million apps. The malware specifically targets devices running Android 4 KitKat and Android 5 Lollipop.