There’s a new attack targeting Google apps running on Android versions 4 and 5.

The malware is picked up from unauthorized apps distributed through 3rd party app stores – the kind of app stores that provide “free” versions of your favorite apps, or that require you to download an app in order to access content. The malware can also be spread through phishing attacks.

The main purpose of the malware is to perpretrate advertising fraud. Essentially it takes control of the user’s device, causing it post fake reviews to the google play store which in turn inflates the reputation of apps. The malware also installs adware providing the attackers a direct revenue stream.

The scariest thing about this attack is that the malware is able to access the authentication tokens from the Android device and uses them to access the user’s Google accounts. This leaves any data in the user’s Google apps account vulnerable.

The exploit takes advantage of security holes in Android that have since been patched but have not been updated to all devices. Another good reason to keep your devices and all apps up to date.

Currently the only save for your device is to do a complete reinstall of your device’s operating system. You would then want to change your account password only AFTER the re-install.

If you own an Android device, check your apps for anything unusual. If you see any strange apps installed on your device, this could be an indication that you’ve been infected.

You can also go here to check if your account has been compromised:

https://gooligan.checkpoint.com/

If you determine that you have been infected you should power down the device and consult an IT professional or take the device to the service provider where you purchased the device. They will likely be able to help you.

As always feel free to contact us with any questions or concerns.