A new malware campaign has been discovered on over 1 million Android devices, according to a new report from the security firm Check Point. Dubbed “Gooligan” by the firm, the campaign first emerged in August, and is currently compromising devices at a rate of roughly 13,000 per day.
The malware targets vulnerabilities in Android versions 4 and 5 (Jelly Bean, KitKat, and Marshmallow), and spreads through seemingly legitimate apps in third-party app stores. More than half the infections are in Asia, where third-party app stores are particularly popular.
A full list of infected apps, ranging from simple games like “Slots Mania” to a more suspicious app called “Sex Photo,” is included at the bottom of Check Point’s report.
The malware takes advantage of two known vulnerabilities in the Linux kernel, allowing it to take control of a user’s device once a malicious app has been installed. From there, the malware compromises the device’s Google authorization token, giving it broader access to the user’s Google account including Gmail, Drive, and Photos.
According to Google, the malware isn’t accessing any personal emails or files. When the Android Security team scanned the affected accounts, it found no evidence of the malware accessing data or otherwise using the token for fraud. There was also no evidence of the malware targeting any particular people or organizations.
Instead, the malware authors seem to be using their powers to game the Google Play app rankings. Rather than downloading inboxes or Drive accounts, the malware installs non-malicious apps from the Google Play Store and leaves a five-star rating for each app. With over a million devices in on the scheme, the result is a huge boost in the Play Store rankings for the targeted app, potentially worth far more than a stolen credit card.
This article was published on The Verge.