Monday, December 5, 2016

Never *Ever* Download an App Outside of Google or Apple's Store

Probably the best reason for only downloading from the Google Play Store or the Apple App Store is that the apps located therein have been carefully screened by Google and Apple.  That means that the odds of getting any type of malware hidden in your app is pretty slim.
However, there are those of us out there that are cheap enough to download and install apps from places other than “the stores” and often times those apps come with a little something extra… malware.  What do expect for free?  I mean, let’s face it, nothing in life is free.  So hackers are creating very pretty looking and enticing apps that just beg you to install them.  Once installed the malware packet is also installed and begins to do all kinds of nefarious things such as steal your data, etc.
The most recent example of this is Gooligan and it has recently been estimated that at least 1.3 million Android users are infected.  Not only that, but it continues to infect 13,000 new devices every day.  Once Gooligan is installed on your Android device, it steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.  Nice, huh?
You’ve read here before about Check Point Software Technologies, a company of which I have become a really big fan.  They have done a lot of work on Gooligan and have also been working with Google on the problem.  Here is what Check Point has to say:

“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device.”

“Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages.”

So how does Gooligan work?  Here is a graphic that does a great job of explaining it:
Gooligan Map.jpg

No comments:

Post a Comment