Android malware skews Google Play ratings by installing apps

You're probably safe if you have a recent phone, but there have been over 1 million infections so far.
Jon Fingas, @jonfingas
November 30, 2016

Malware writers haven't stopped trying to game app rankings through bogus app installs. Researchers at Check Point have identified a new strain of the longstanding Ghost Push malware, Gooligan, that has infected over 1 million Android devices to date and continues to grow (about 13,000 new infections per day). As with earlier code, attackers trick you into installing a Gooligan-based app through either a third-party app store or a phishing scam. Once it's on your phone, the software takes advantage of Linux kernel exploits to access your Google authorization token and install fraudulent apps, whether to boost their Google Play rankings or to generate money through ads.

You're probably safe. Google fixed the vulnerability in Android 6.0 Marshmallow and beyond, and you're unlikely to run into one of the malicious apps if you stick to downloading from Google Play. Also, Google observes that the apps aren't harvesting data or committing fraud beyond the Google Play ratings. If you're concerned, you can use a web tool from Check Point to verify whether or not Gooligan has abused your account.

The concern, as is frequently the case with Android malware, is that many people will remain at risk. As of this story, Google reports that only 24.3 percent of users it tracks are running sufficiently up-to-date versions of Android. Also, Google Play isn't always an option -- people in China can't use Google Play, for instance, while others may have devices where the store app isn't installed. It may take a long while before enough people are up to date (most likely through new hardware) that malware like Gooligan is no longer effective.
