Featured Article from Software Licensing

Google, Check Point Form Task Force Against 'Gooligan'

November 30, 2016

Software companies spend a great deal of time and money today ensuring that their customers are in compliance with their software license agreements while also protecting their software from piracy. Protecting against application tampering is one of the most urgent needs, as demonstrated daily by both high-profile and small to medium-size business security breaches that negatively affect customer trust and revenue. Google (News - Alert) is the most visible high-profile victim in the news.

Even the highest profile software providers aren’t invulnerable today. Forbes’ Thomas Fox-Brewster is reporting today that a new variant of Android (News - Alert) malware, nicknamed “Gooligan,” is responsible for what’s believed to be the biggest single theft of Google accounts on record. The virus has reportedly infected about 1.3 million Android phones – that’s 13,000 new infections every day, according to Check Point, since August of this year by virtually cracking the devices open and stealing the tokens users are given to verify they are authorized to access their accounts. The infection begins when the device user visits a Web site, often app stores or porn sites. The goal of the virus isn’t to steal data – not this time – but to force users to download apps that are part of an advertising fraud scheme.

“Once downloaded, Gooligan determines which Android phone it’s infected and launches the appropriate exploits to ‘root’ the device – i.e. take complete control over it,” wrote Fox-Brewster. “To do that, the attackers have used long-known vulnerabilities, such as VROOT and Towelroot, on devices running Android 4 through 5, including Jelly Bean, KitKat and Lollipop. Together, those operating systems account for 74 percent of Android devices in use today, totaling around 1.03 billion.”

The virus also presents other security risks: once hackers control the Google account token, they can also access victims’ Google docs, Gmail, photos and any documents stored in the cloud via Google Drive.

“The attackers have forced victims to download and give positive reviews to apps on Google Play, which provides an illicit revenue stream as the hackers also run advertisements within the applications,” wrote Fox-Brewster. “Every download and every click on the ad adds a small amount to the attackers’ coffers.”

Google has been fighting this virus since last year, when it first debuted as “Ghost Push.” Check Point and Google have reportedly been working together on a task force to stem the proliferation of Gooliga. Earlier today, Check Point released a free tool to check for infection.

While not every company’s software is as prominent as Android, this doesn’t mean they’re not a target. (Smaller companies are often perceived as easier marks, so attacks on SMBs are on the rise.) To keep software secure, experts recommend taking a holistic approach by not only understanding core security principles and encryption methods, but determining which methods are likely to result in the best methods to secure your software. (See this informative blog series by Flexera Software’s Tu Le.) There’s no “one size fits all” approach to every industry and every type of software. 

Edited by Maurice Nagle
Article comments powered by Disqus