Dear Black Bag Confidential Reader,
Earlier this year, a Chinese advertising firm was caught stealing over $300,000 per month from unsuspecting victims using their smartphones.
Here’s how the hack worked…
The victim was directed to an infected website that would force an app download on their phone. Or the website might trick them into doing a system update that actually downloaded malware.
Once the advertising company gained access to the device, they would trigger ad displays, ad clicks, even app downloads on the victim’s phone.
Most of these attacks occurred in Asia, where the company generated $10,000 per day from these fraudulent ads. Over 10 million devices were infected by this hack, which led to a lucrative revenue stream for the company.
Recently, a new hack was discovered that used a similar method to the one carried out by the Chinese company — but with far greater consequences.
The new malware has been dubbed “Gooligan.” When you download infected apps, the malware takes control of your phone without your knowledge or permission. This malware targets Android users, and so far millions of people around the world have been affected.
Not only does this hack make money from ad clicks and app downloads, but once the hackers have control of your phone, they also go after your Gmail account.
They send all your information to a remote server they’ve set up. This allows them to access your Gmail, Google Docs, Google Drive and photos — even if you have two-factor authentication.
As of yet, no one is sure what the hackers intend to do with all the account information, but the fact that they have access to millions of people’s information (and currently, it’s just sitting there) is scary.
So far, 1.3 million Gmail accounts have been hacked, which is increasing on a daily basis.
This new malware targets devices running Android 4 and 5, which turns out to be about 74% of Android users. As a result, researchers believe that 13,000 people a day are being targeted by these attacks.
So what can you do to stay safe?
Of course, the first thing to do is to make sure your device has the latest update installed — and that it’s from a legitimate source. You can check your phone company’s website to see the latest available update. Or you can call their customer service and ask.
Second, never download an app that isn’t from the official app store. A lot of people are being infected by the Gooligan malware because they are downloading free versions of apps instead of paying for them in the Google Play Store. I understand everyone wants to save money, but it’s not worth risking all of your personal information.
Finally, to find out if you’ve been a victim, visit checkpoint.com. Enter your Gmail address in their “Gooligan Checker” to see if your account was breached.
If your phone has been infected by any type of malware, the only option you have is to do a clean reinstallation of the operating system. The only downside is this may cause you to lose a lot of your data.
But that’s a small price to pay for a huge weight off your shoulders.
Stay safe,
Jason Hanson
