A quick public service announcement….at the end of November security firm Check Point and Google announced that a variant of Ghost Push malware called Gooligan had infected over million Google accounts, with numbers increasing every day. The malware is present in apps typically downloaded outside of Google Play and infects devices on Android 4 (Jelly Bean and KitKat) and 5 (Lollipop).
If infected, the malware exposes “messages, documents, photos and other sensitive data. This new malware variant roots devices and steals email addresses and authentication tokens stored on the device.” so it’s not very nice.
Fortunately, the team at Check Point have developed a tool which checks if your Google account has been compromised. All you have to do is enter the email address associated with your Android device.
While we are on the subject, if you want to check if your email address has been garnered in any of the recent security breaches, check out haveibeenpwned.com which tells you who’s been sloppy with your details (thanks, Adobe and LinkedIn).