New Google Android Malware ‘Googlian’ Is Spreading Through Seemingly Legitimate Apps Being Downloaded From Popular Third-Party App Stores

A new malware that targets Google’s Android Operating System (OS) is suspected to have compromised more than a million Google accounts. Dubbed “Googlian” by the security company that discovered the attack, the malware campaign first emerged in August, and is believed to be gaining illegal access to 13,000 new devices per day.

More than a million Google accounts have reportedly been breached by a malware that targets slightly older versions of the Android OS, confirmed cyber security firm Check Point Software Technologies Ltd. The researchers were able to trace the malware back to dozens of “legitimate-looking” apps like “Wi-Fi Enhancer,” “GPS,” “Beautiful Alarm, “Battery Monitor,” and even “Google.” However, when the team dug further, they realized all of these apps had either been downloaded or updated from third-party Android app stores that run parallel to the official Google Play Store.

Google has always advocated the use of its official app store to download and update apps. The company cautions users to be wary of the promise of paid apps being available for free from any third-party app stores. The company warns such apps can be riddled with malicious code, which might infect the devices. However, the lure of getting premium apps for free is too much for a large number of Android smartphone users, who have one or several such third-party app stores installed on their devices. Besides apps, the attack is also being spread through links that are being sent through text messages as well as instant messaging applications. Needless to add, the messages are being autonomously generated on smartphones that have already been compromised by the malware.

The malware isn’t targeting the latest Android version called Nougat. Instead, it is targeting smartphones that are running on slightly older versions of the OS, namely Jelly Bean, Kit Kat, and Marshmallow. The research team discovered the malware is taking advantage of two known vulnerabilities in the Linux kernel. Once the malware gains entry into the smartphone through the legitimate-looking apps, it exploits these vulnerabilities in the Android operating system to install other apps and malicious software without users’ permission or knowledge.

Once the malware has gained a strong foothold within the Android ecosystem, it allows the attackers to remotely gain complete access to the victims’ email addresses and authentication tokens in order to dive deeper into their extensive personal data stored across Google, noted Check Point’s representative.

An infected app essentially allows the malware to operate discreetly under the operating system, giving the attackers access to the victims’ Google account, which includes Gmail, Google Photos, Google Drive, etc. This happens because an Android smartphone user’s Google account is deeply entrenched within the OS.

The malware campaign is concerning because there are millions of Android devices that haven’t been updated to the latest iteration of the OS. In fact, according to the latest numbers, only 20 percent of Android devices are running the latest software updates. Worryingly, several of the smartphones will never be updated to the latest iteration, which means many users will continue to remain vulnerable when flaws emerge in older versions, reported CBS News.

Interestingly, the malware isn’t accessing any personal emails or files yet. When the research team analyzed the compromised Google accounts, they found no evidence that suggested the malware was accessing or exporting data. Moreover, despite being capable of, it wasn’t using personal tokens to commit fraud. Instead, the malware is merely attempting to influence Google Play app rankings.

The malware stealthily downloads and installs non-malicious apps from the Google Play Store. After that, it leaves five-star rankings for each of the apps without the smartphone owner knowing about it. While this might not seem sinister, experts point out the enormity of the campaign.

With a million devices already compromised, and more being added daily, the attackers hold a huge influence on the Play Store rankings for the targeted app. By synthetically boosting the rating of any app the attackers want, the potential windfall is far more than a stolen credit card.

The security team that discovered the malware campaign has released a tool to confirm if “Googlian” has managed to compromise the account.

[Featured Image by Justin Sullivan/Getty Images]