Gooligan Android malware is hacking Google accounts – one million users affected so far


Security researchers have released details of a new form of Android malware that has hacked the Google accounts of more than one million users and which is infecting devices at a rate of around 13,000 per day.

The new malware, dubbed “Gooligan”, has been stealing user’s email addresses and authentication tokens on their Android device, researchers from cyber security firm Check Point have discovered.

This means that hackers are able to access sensitive and personal data from Gmail, Google Docs, Google Photos and Google Play, as well as from any other Google app which is linked to the breached account.

Gooligan then also helps to generate fraudulent ad revenue for the cyber criminals behind the malware by installing apps onto the victim’s smartphone or tablet and rating them in them in the Google Play Store.

Gooligan Android Malware

Image: Check Point

Commenting on the discovery of Gooligan, Check Point’s head of mobile products Michael Shaulov said: “This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks.”

“We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”

Check Point revealed that of the device’s affected, 40 percent are located in Asia and around 12 percent in Europe.

The firm added that Gooligan targets devices running older version of Android, including Jelly Bean, Kitkat and Lollipop, which run on nearly 74 percent of Android devices worldwide.

Devices are first infected when a user downloads or installs an app infected with the Gooligan malware or clicks on a malicious link from sent in a phishing email or message.

Some of the infected apps include WiFi Enhancer, StopWatch, Wifi Master, Clean Master, YouTube Downloader, Wifi Speed Pro and Weather. A full list can be found on the Check Point website.

How to check if your account is affected

Check Point has created a free online tool which enables Android users to check if their Google account has been breached and their device in infected.

“If your account has been breached, a clean installation of an operating system on your mobile device is required,” said Shaulov.

In response to Check Point’s findings, Adrian Ludwig, director of Android security said: “We appreciate Check Point’s partnership as we’ve worked together to understand and take action on these issues.”

“As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”


Comments are closed.