Root

Over 1 Million Google Accounts Hacked by ‘Gooligan’

As you know by now from the latest buzz, over 1 million Google accounts have been hacked by ‘Gooligan’. Gooligan itself isn’t new; it is just a variant of Ghost Push, a piece of Android malware.

Researchers from security firm Check Point Software Technologies have found the existence of this malware in apps available in third-party marketplaces.

Once installed, it roots the phone to gain system-level access. The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

In a recent blog post by the folks over at Check Point: http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages. After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

  • Steal a user’s Google email account and authentication token information
  • Install apps from Google Play and rate them to raise their reputation
  • Install adware to generate revenue

Ad servers, which don’t know whether an app using its service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.”

Android users who have downloaded apps from third-party markets can visit the Check Point blog post for a list of the apps known to contain Gooligan.

Check Point has also released what is being called the Gooligan Checker web page, which can be used to check whether you have been compromised by this latest threat.

The su Command: Elevate Yourself

OS:  Unix / Linux

Often called the “super user” command, su (short for substitute user) makes it possible to change a login session’s owner without the owner having to first log out of that session.

Although su can be used to change the ownership of a session to any user, it is most commonly used to change the ownership from an ordinary user to the root (i.e., administrative) user, thereby providing access to all parts of and all commands on the computer or system.

And like that of Goku from Dragon Ball Z you elevate yourself to be a powerful user.

Usage example:

sysadmin@jermsmit:~$ su
Password:
root@jermsmit:/home/sysadmin#

dSploit – An Android network penetration suite

Not to cause paranoia; Just know that there are people out there looking to compromise your security, especially when you are using wireless networks via your laptop, tablet, or smartphone.

One such tool is the well-known dSploit. dSploit, a security toolkit for Android, makes that process so simple anyone can do it.

This network analysis and penetration suite aims to offer IT security experts and geeks the most complete and advanced professional toolkit for performing network security assessments on a mobile device.

Once dSploit is started, you will be able to easily map your network, fingerprint live hosts’ operating systems and running services, search for known vulnerabilities, crack log-on procedures of many TCP protocols, and perform man-in-the-middle attacks such as password sniffing with dissection of common protocols, real-time traffic manipulation, etc…

Requirements

An Android device with at least the 2.3 ( Gingerbread ) version of the OS.
The device must be rooted.
The device must have a BusyBox full install.

A full list of features can be found here: http://www.dsploit.net/features

How To: Install CWM Recovery on AT&T Galaxy S4 – SGH-i337

Some time ago I had rooted my Galaxy S4 (SGH-i337) to enable WiFi tethering because I wasn’t done testing the stock image from Samsung / AT&T. Now it’s time for me to prepare to install CyanogenMod; before I can do so I need to install ClockworkMod Recovery (CWM), which is a replacement recovery option for Android devices, made by Koushik “Koush” Dutta. More info here.

While the boot-loader on AT&T’s Galaxy S4 is locked, there is a way to install the custom recovery using the LOKI method created by one of the XDA Developers, which bypasses the boot-loader check to enable the custom recovery options and allow you to install ROMs.

So, a few things we need to start, and I’ll provide the steps that worked for me.

The phone must have been rooted before starting this process (as you will need to move files around in system directories that you can only access as root).

You need to download loki_flash from: http://downloadandroidrom.com/file/GalaxyS4/loki/loki_flash or from GitHub: https://github.com/djrbliss/loki

You will need to download the recovery.lok for the Galaxy S4 from: http://downloadandroidrom.com/file/GalaxyS4/SGH-i337/recovery/CWM/recovery.lok

Once downloaded, use any file explorer that can be run as superuser (for example Root Explorer (File Manager)) and locate the two files you have just downloaded.

Select and copy the files loki_flash and recovery.lok to the following directory: /data/local/tmp

If not already installed, download the Android Terminal Emulator, and once at the command line type “su” without the quotes to elevate to superuser.

Once elevated in the terminal, change directory by typing: cd /data/local/tmp. Verify you are in the right location by typing “ls” without the quotes; you should see the files recovery.lok and loki_flash.

In this directory (/data/local/tmp) type: chmod 775 *

Now you will need to run the loki script by typing the following: ./loki_flash recovery recovery.lok. Once this has run you will receive a success message; you can then (when ready) type: reboot recovery in the Android Terminal.
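The steps above, wrapped in a shell script as an added example (not from the original post or the loki project): it performs the checks the post does by hand (su, ls, chmod) before calling loki_flash, and refuses to suggest a reboot unless loki_flash exits successfully. The directory and file names are the post’s; the function names and the `flash` argument are this script’s own convention.

```shell
#!/bin/sh
# Added example: preflight-checked version of the manual loki_flash steps.
# Assumes the two files were already copied to /data/local/tmp as in the post.

WORKDIR="${WORKDIR:-/data/local/tmp}"

# is_root: the post's "su" step; loki_flash needs root to write the recovery.
is_root() {
    [ "$(id -u)" = "0" ]
}

# files_present DIR: the post's "ls" step; both files must be regular files.
files_present() {
    dir="$1"
    for f in loki_flash recovery.lok; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing $dir/$f: copy it there first" >&2
            return 1
        fi
    done
    return 0
}

# flash_recovery DIR: chmod, then run loki_flash from its own directory.
# Only reports success (and therefore the reboot hint) if loki_flash did.
flash_recovery() {
    dir="$1"
    is_root || { echo "not root: run 'su' first" >&2; return 1; }
    files_present "$dir" || return 1
    chmod 775 "$dir/loki_flash" "$dir/recovery.lok" || return 1
    if ( cd "$dir" && ./loki_flash recovery recovery.lok ); then
        echo "loki_flash succeeded; type 'reboot recovery' when ready"
        return 0
    fi
    echo "loki_flash failed; do not reboot into recovery" >&2
    return 1
}

# Only act when explicitly asked, so sourcing this file is harmless.
if [ "${1:-}" = "flash" ]; then
    flash_recovery "$WORKDIR"
fi
```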

Yeah, I made mistakes along the way. In the end it worked out.

Congratulations, you now have ClockworkMod Recovery (CWM) and, better yet, the power to back up/restore ROMs and install custom ROMs such as CyanogenMod.

To get back into recovery you have two methods:

  1. Access the Android Terminal Emulator and “su” into superuser and type: reboot recovery
  2. Power off your phone and power on again holding the volume up, center button and power button. Once you see a logo on the screen release the power button and continue to hold volume up, and the center button. Welcome back to the CWM Recovery Menu

How to Root Galaxy S4!

This is a video by our buddy Zedomax on rooting the Galaxy S4. This method is only for root access; it’s not a video on installing a custom recovery, so please enjoy and remember to subscribe to his YouTube channel.

This method works on all Qualcomm Galaxy S4 models running Android 4.2.2, including:
AT&T SGH-i337, T-Mobile SGH-M919, Sprint SPH-L720, Verizon, US Cellular, Telus, Rogers, etc…

For GT-i9500 octa-core S4, see other root method here:
http://www.youtube.com/watch?v=1VZd71…

Download and Step-by-Step tutorial here:
http://galaxys4root.com/galaxy-s4-roo…

For rooting Galaxy S4 on Linux/Ubuntu, please see this video instead:
http://www.youtube.com/watch?v=JIAbdV…
For rooting Galaxy S4 on Mac OSX, please see this video instead:
http://www.youtube.com/watch?v=q5Sluq…

For more awesome info on rooting the Galaxy S4 stop over at http://GalaxyS4Root.com