Android OS malware Gooligan breaches more than 1 million Google accounts

By Liu Hongzuo - on 2 Dec 2016, 7:23pm

Note: This article was first published on 1st December 2016.

A new strain of Android OS malware responsible for breaching more than 1 million Google accounts has been discovered by cyber-security firm Check Point. The malware has a global presence, and it steals user data found on Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.

Source: Check Point.

This malware, Gooligan, strikes when an Android user installs an infected app on a vulnerable device. It can also attack after a user clicks on malicious links in phishing attacks. Once a phone is infected, Gooligan will download a rootkit from the attacker’s servers – this rootkit can exploit weaknesses in Android OS 4.0 or 5.0 devices. A successful rooting will grant the attacker full control and privileged access to the infected phone. Gooligan will then get to work by injecting code to mimic user behavior in order to avoid detection, while it does the following:

  • Steal a user’s Google email account and authentication token information
  • Install apps from Google Play and rate them to raise their reputation
  • Install adware to generate revenue

According to Check Point, 57% of the 1 million breached accounts are located in Asia – the rest are spread across the Americas, Africa, and Europe at 19%, 15%, and 9% respectively. The Gooligan malware has the potential to infect vulnerable Android OS 4.0 (Jelly Bean) and 5.0 (Lollipop) devices, which make up more than 74% of Android in-market devices as of last month. Gooligan’s code first appeared in July 2015, before undergoing various changes to reach its current August 2016 iteration.

Here’s the list of infected apps and more information about the Gooligan malware.

Am I affected?

Go to this URL to check if your Google account has been breached by entering the e-mail address associated with your Android OS device.

Currently, the only option for breached users is to flash the operating system on their infected device. Check Point recommends that unfortunate users seek out a certified technician to do a clean OS installation on the phone, and change their Google account passwords after the flashing process.

Source: Check Point (blog), BGR
