Is Your Device Infected with the Malware Gooligan?

What is Gooligan?

1. It is an aggressive malware that attacks Google accounts on Android mobile devices.

2. Over 1 million accounts have been breached since August 2016.

3. About 13,000 devices are infected every day.

4. Its targets are the following Android versions: Ice Cream Sandwich (4.0), Jelly Bean (4.1-4.3), Kitkat (4.4), and Lollipop (5.0-5.1).

5. Most of the infected devices are in Asia.

57%– Asia
19%– Americas
15%– Africa
9%– Europe

6. First case was detected in 2015 on the app SnapPea, which allows a user to control their Android device via a PC.

How can your Android device get infected?

Your device can have the malware if you have downloaded any of the 86 infected fake apps identified by checkpoint.com or have clicked on a deceptive link in your email (phishing).


What harm does it do?

1. It steals your Google email account and authentication info (usernames, passwords, etc.)
2. It installs other apps and writes positive fake reviews.
3. It installs adware to generate revenue.

How do you avoid infection?

1. Download apps ONLY from Google Play store, NEVER from third-party app stores.

2. NEVER click links in your email from sources you don’t know or trust.

3. NEVER rely on user ratings alone when looking for an app to download/install.

What do you do if your device is infected already?

1. Have your device OS re-installed (“re-flashed”) by a certified technician.

2. Change your Google account passwords immediately after re-flashing.

IMPORTANT:

If you want to know if your Google account has been breached: https://gooligan.checkpoint.com/

If you want to see the list of the fake apps: http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

References:

Gooligan Malware: 5 Fast Facts You Need to Know

More Than 1 Million Google Accounts Breached by Gooligan

Leave a Reply