1 Million Android Devices Infected With Gooligan Malware

• Over 1 Million Android Devices are Infected.
• Mostly Asian users are affected.
• Security researchers of Checkpoint found and reported to Google.

Gooligan Malware targets in Android versions 4 and 5 (Jelly Bean, Kit Kat, and Marshmallow) Vulnerability and spreads through third party apps.

Checkpoint security researchers found Android Malware also they reached to Google Security team and given information about the Gooligan Malware campaign.

"We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall." said Adrian Ludwig, Google’s director of Android security. "These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.

The malware isn’t accessing any personal emails or files. When the Android Security team scanned the affected accounts, it found no evidence of the malware accessing data or otherwise using the token for fraud. There was also no evidence of the malware targeting any particular people or organizations.

How Gooligan Malware works?

Image by Checkpoint

Affected Users:

Over 57% Asia , 19% Americans, 15% Africa and 9 % Europe users are affected. Security researchers first encountered Gooligan’s code in the malicious SnapPea app last year. At the time this malware was reported by several security vendors, and attributed to different malware families like Ghostpush, MonkeyTest, and Xinyinhe.

Gooligan Still Growing Threat

Graph by Checkpoint

How do you know if your Google account is breached?

[adsense size='1']
You can check if your account is compromised by accessing the following web site that we created:  https://gooligan.checkpoint.com/.

If your account has been breached, the following steps are required:

A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.”