Two weeks ago, mobile security firm Check Point Software announced they found a new piece of malware used to generate ad revenue on the Android platform. Gooligan, as reported by Check Point, roots infected devices. Once rooted, Gooligan stole “authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and more.”
There has been no report of the malware authors using the stolen tokens to access data on the device. The sole purpose of Gooligan was to install additional applications on Android devices and generate ad revenue.
Check Point worked closely with Google. Google took several steps to ensure Android was as secure and safe as possible. Google revoked compromised tokens. This prevented the malicious actors from using these to generate additional ad revenue. Google also made changes to ensure similar software is not distributed through the Google Play Store.
Gooligan Malware: What You Can Do Today to Protect Your Business & Users
As always, the mobile security team here at VMware AirWatch is committed to providing you guidance to ensure that your mobile devices are secure. It is recommended that you:
1. Enable root detection on your Android devices.
2. Encourage your Android users upgrade to the latest versions of the operating system (OS) available.
3. Encourage users to download applications from trusted application stores, like the Google Play Store, where Google blocks malicious apps through a number of steps, including verified apps, malware scanning, manual review and more.
4. Educate your end users on the importance of running the most recent versions of mobile operating systems. Encourage them to install all security patches as they become available.
5. Consider partnering with the MTD partners in the VMware Mobile Security Alliance (MSA) community to provide additional levels of mobile security.
Want to learn more about how you can better protect your business against mobile security threats? Visit our mobile security website here.
Because you liked this blog: