Following the news that more than a million Android users stand at risk as a malware called Gooligan is giving access to hackers to root their devices remotely, IT security experts from ESET and Positive Technologies commented below.
Mark James, IT Security Specialist at ESET:
“With this malware affecting so many devices running such a large portion of the Android operating system it’s imperative that you check to see if you have already been infected. So many users do not see the same dangers when comparing mobile devices and desktop machines that often the perception of danger is massively reduced.
Mobiles these days are a very integral part of our lives and quite often once the technology is embraced we strive to do more and more on the move. This particular malware enables an attacker to completely compromise the account allowing the new owner to have total root access enabling them to virtually do as they please on the victim’s device. Google are already working hard to limit the damage caused by this but you should check to see if your device has already been affected.
Checkpoint have set up a link (https://gooligan.checkpoint.com/) to enable you to do this with little effort. If you find out your account has been compromised the best option is a clean install of your mobile device, and certainly change your Google account passwords as a matter of urgency.”
Alex Mathews, EMEA Technical Manager at Positive Technologies:
“Root access like this gives an attacker a massively escalated set of privileges.Combine this with the fact the malware has been in the wild for a few months and the sensitivity of data now held on phones, and it is a worrying threat. Given it can scrape information from the plethora of Google cloud services, anyone affected should change their passwords and get their phone flashed immediately.This is one which needs to be obliterated from your device at the deepest level.”