By Robert McMillan
Malicious software disguised as legitimate apps for Android smartphones and tablets has seized control of more than one million Google accounts since August, according to research from security firm Check Point Software Technologies Ltd.
The apps had innocent-sounding names, such as StopWatch, Perfect Cleaner and WiFi Enhancer. But they exploited known flaws in older versions of the Android operating system to take control of devices and install other apps and ad-spewing software without permission. Some of the unauthorized apps alsoused the victim's user name and password to post fake reviews.
The malicious "Trojan Horse" software--called Gooligan--was found in 86 fraudulent apps and has been infecting about 13,000 Android devices a day, Check Point said. The Gooligan apps come from third-party app stores rather than Google's authorized Play store, but some apps that they download without authorization can be found on Play, Check Point said.
Users whose devices have been infected see pop-up ads and unwanted software, Check Point said.
Gooligan is a variant of malicious software known as Ghost Push, which has been giving Android users headaches for two years. Google, a unit of Alphabet Inc., last year tracked more than 40,000 Ghost Push apps.
"We appreciate Check Point's partnership as we've worked together to understand and take action on these issues," a Google spokesman said in an emailed statement.
Google said it has removed apps associatedwith Ghost Push from Google Play. It has also taken steps disrupt the servers used by the malware's creators and to secure Google accounts compromised by the malicious software.
Although the free apps offered by alternative stores can be enticing, they come with risks, Google said. In a Google+ post, the company urged users to download only from the Play store.
Devices at risk from the Gooligan software are those using Android 4 (the versions nicknamed Jelly Bean or KitKat), initially released in 2012, or Android 5 (Lollipop), released in 2014, Check Point said. Users wondering if their devices have been compromised can visit Check Point's site for a mobile-phone checkup and to learn more.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
November 30, 2016 08:44 ET (13:44 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.