Gooligan Android Malware Steals Access To One Million Accounts

Over one million Android devices have become victims of mass malware hidden in apps called Gooligan.

Research by security firm Check Point Software Technologies (CPST) this month released startling evidence that the malicious software is present in almost 100 apps.

Gooligan: 74 percent of devices ‘vulnerable’

CPST has now begun working with Android’s security team to protect user accounts. It is said that at particularly risk is Gmail, Google Docs and Google Play accounts, among others.

The company wrote in a blog post on Wednesday:

“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device.”

“Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages.”

Gooligan takes advantage of so-called “vulnerable” devices running certain versions of Android - or around 74 percent of all devices currently in use.

Once present via an installed app, the malware gains privileged access to the OS, allowing it to download authentication tokens and access user accounts without the need for a password.

More consumer security warnings

According to CPST, the principal aims of Gooligan is to steal a user’s Google email account and authentication token information, install apps from Google Play and rate them to raise their reputation and install adware to generate revenue.

Android says the threats posed to user data are apparently minimal.

"We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall,” Director of Security Adrian Ludwig stated.

Nonetheless, Gooligan’s vast reach highlights the ease with which a user’s personal digital empire can be controlled from the outside.

The problem was raised recently by security mogul John McAfee. Speaking at a conference in London in November, McAfee said, in no uncertain terms, that consumers should “wake the f**k up” to the threat from hackers.

McAfee at the time also championed the Blockchain, having himself recently branched out into Bitcoin mining.

He states:

"It's here and [it’s] here to stay and it will not go away, no matter how much governments hate it and want to regulate it – how can you regulate something which is a mathematical form?"


Follow us on Facebook