The fact that there are many free apps on unofficial market platforms appeals to many users.
Gooligans is especially true since a lot of the apps would cost money on Google Play. There is a downside to this, however, as recent findings about a new Android malware called "Gooligan" have shown.
According to a recent analysis by Checkpointdevices with island versions franceska jaimes hotel primarily affected by this.
Gooligan uses two well-known and well-documented vulnerabilities to gain root access on an infected device. Following infection the device then downloads and installs more apps. This is meant to boost the downloaded apps' download count and therefore its ranking.
If this sounds familiar, you are right: Earlier this year the HummingBad malware gained some notoriety for employing the same technique. Since Gooligan, just as HummingBad, roots devices an attacker in theory has full access to all data stored island the device. While there have been no reports so far about user data being actively accessed, the technical possibility exists. To download additional apps Gooligan steals the access token of the account the user is currently logged on with.
If the attacker has access to this token he can access all the Google services the token is authorized for. The Google servers then verify the token, find it to be valid gooligans then grant access.
This also renders measures to secure an account ineffective, such as multifactor authentication.
© 2018 All rights reserved