[PSA] Android users: 1M+ Google accounts have been breached (Gooligan).
Today is not a good day for security, it seems.
In addition to the Firefox 0-day exploit, it seems that Android users need to keep a close eye on the apps they’re downloading, particularly from third-party app stores. You can check out the detailed article from Check Point on the topic. The article contains two items in particular that you may find helpful:
- Scroll down to Appendix A at the bottom of the aforementioned Check Point article. This is a list of “fake” apps that are known to be infected with Gooligan.
- Check Point has put together a quick tool that allows users to check and see if their accounts have been infected with Gooligan. To use the tool, go to https://gooligan.checkpoint.com/ and enter the email address(es) associated with your Android device(s). Hopefully, you’ll get a pop-up informing you that your account has not been breached.
It’s sad to say, but the dose of paranoia one needs to stay safe on the net these days is no longer creeping upwards. Rather, it is growing in leaps and bounds. As are the number of internet-connected things we all have in our homes, each of which should be viewed with at least some degree of concern.1
In truth, if it is connected — or can connect — to the Internet (and maybe even if it can’t), it should be a security concern. Every time a home gets smarter, it most likely also gets less secure. It seems almost inevitable that someday soon, the sheer number of insecure devices is going to result in some sort of … something. I’m not sure what, but it’s not going to be good.
Stay alert! Trust no one! Keep your laser handy!