Multiple security firms including Check Point Software have revealed and confirmed a security breach that could affect more than one million Android devices and phones worldwide. Dubbed as ‘Googlian’, like any other malware, it tries to gain access to sensitive information. But this time, it targets Google services including Gmail, Google Drive, Google Photos, Google Docs, etc.
Gadgets that are running Devices running Android versions 4 (a.k.a. Jelly Bean and KitKat) and 5 (a.k.a. Lollipop) are at risk. It is really an issue since 74 percent of all active devices are running those versions and a rough estimate of 19 percent is in the US.
How does this get into an android device? There are a lot of free apps out there and most are free. It is very tempting since they seem to be legit and free so people tend to download them.
If you do not obtain the app from the Google Play Store, then it might have been tampered with or laced with malware. It might be a legit software after all, however Phising links are placed strategically before you can download it. Once the malicious app has been installed, it sends key device data to Googlian which in turn allows it to root the device and gain almost or all access and control to the device and its data.
This is not the only thing it does to the device. A control module is downloaded to the device to mimic the user behavior, making it difficult to detect and allowing it to swipe authentication information, and install apps and adware. By doing this, Googlian is actually able to artificially bump up the ratings of its malicious apps, further tempting users to download them and enter the vicious cycle.
In a blog post published Tuesday, Google assured users that the company’s security team has worked closely with Check Point in their investigation of the Googlian malware. According to the post, the security team has been working on measures to protect users from what it terms “Ghost Push” apps, which are most often downloaded outside the Google Play Store and work to install malicious software on their own post-download.
To check if your account is breached, visit gooligan.checkpoint.com. If your credentials are among the compromised, Check Point suggests a clean installation of your operating system. A clean install (or “flashing”) a device is a long, multi-step affair, so you may want to head to your service provider for help. Once that’s done, reset your Google account password(s).
Make sure to create an secure password. It is highly recommended to changing it to a combination of uppercase, lowercase, numbers and symbols with a minimum of 8 characters e.g. Qp09rT!
Below are a the specified guidelines for Google password creation:
Name and password guidelines
When choosing usernames and passwords for users and groups you add to your Google Cloud account, consider the following:
* Usernames can contain letters (a-z), numbers (0-9), dashes (-), underscores (_), apostrophes (‘), and periods (.).
* Usernames can’t contain an ampersand (&), equal sign (=), brackets (<,>), plus sign (+), comma (,), or more than one period (.) in a row.
* Usernames can begin or end with non-alphanumeric characters, with a maximum of 64 characters.
* Passwords can contain any combination of ASCII characters and must contain a minimum of 8 characters.
* First and last names support unicode/UTF-8 characters, with a maximum of 60 characters.
* Periods (.) are not ignored as they are in a gmail.com account. If you create a user account called username, this user will not be able to receive messages addressed to user.name, or us.er.na.me, or any other combination of periods. To let a user receive mail with these variations, create an email alias for them.