NOTE: This malware applies only to Android phones. If you have an iPhone, your device is not affected by this malware.
A massive fraud campaign is exploiting Google accounts on Android devices. More than 1 million accounts have already been compromised, and an additional 13,000 accounts are infected each day.
Malicious software is installed on Android devices through a phishing email or through apps purchased from third-party app stores. The malware might do the following:
- Collect data about your device
- Access your Google account, including Google Play, Gmail, Google Photos, Google Drive, and G Suite
- Install fraudulent apps from Google Play and rate them positively
- Download adware to generate revenue
Once installed, the malware takes over the device and installs apps to make money for a fraudulent advertising scam. Stolen Google usernames and passwords are used to post fake positive reviews about the apps, which increases their ratings in Google Play. Each time a fraudulent app is installed or an advertisement is clicked, the criminals behind the scheme make money.
The malware has been successful stealing usernames and passwords because it is able to bypass current Google security measures, including two-factor authentication. To determine if your Google account has been compromised, visit this site set up by Google and its security partner. Type the Gmail address associated with your Android. A pop-up will state whether your account was breached.
If your account has been breached, change your Gmail password immediately, as well as similar passwords in other accounts. It appears that the only recourse for deleting the malware is a clean installation of the operating system (“flashing”). It is recommended that you have a certified technician or your service provider “re-flash” your device.
Whether you use an Android or an iPhone, do not install apps from an email or from third-party app stores. Do research and read reviews before downloading any app to keep yourself, your company, and your friends and family secure.
Our Cyber Defense practice stands ready to help you stay protected, prepared, and ahead of the threat.