The Story Behind The Emerging Gooligan Malware

Researchers have uncovered a malware campaign known as “Gooligan” that has been targeting Android users and has so far breached more than 1 million Google accounts around the world. The attack began in August 2016 and was exposed by researchers at IT security firm Check Point, who reported that Gooligan is so extensive that it is compromising 13,000 Android devices per day and stealing Google accounts, including Gmail, Google Drive, Google Docs, Google Play, Google Photos, G Suite and numerous other services provided by the technology giant.

Check Point estimates show that Gooligan is installing at least 30,000 applications on hacked Android phones every day!

That’s more than two million installs since the attack began in August 2016. The malware targets devices running Android 4 (Jelly Bean and KitKat) and 5 (Lollipop), which account for 74% of Android devices in use around the world. For the most part, users who only download their apps from the Play Store should be safe, although Google did mention that some applications linked to the Gooligan malware were found on the Play Store, too.

Most of the users infected by Gooligan live in Asia (57%), where installing apps from third-party stores is more common. Only 9% of the infected users are from Europe, while 19% of the infections happened in the Americas and 15% in Africa.

Investigators have found numerous Gooligan-infected apps on third-party stores. Once such an app is installed, the malware gathers data about the device and downloads its rootkit. It then roots the device, downloads its own module and steals the authentication tokens that are used to hack Google accounts. Researchers have also cautioned that hackers can target users with phishing emails carrying Gooligan-infected links. Once the target installs the infected app, Gooligan gains root permissions and replaces the original app by carrying out a privilege escalation attack comparable to rooting apps like Towelroot and Kingroot, or even malware like Godless and HummingBad.

Google has by now removed from its official store the legitimate apps that benefited from this ratings fraud. The malware also installs malicious marketing software that tracks users, a potential boon for data-hungry marketers. Google says it has blocked 150,000 versions of this kind of cyber-attack. Check Point has set up a website for individuals to check whether their devices have been hacked. Alternatively, Android users can check whether they have downloaded illegitimate versions of any of the listed apps. Smartphone owners are advised to download only legitimate software from official sources. Google has its Google Play store. Apple has its App Store. But some people insist on visiting unauthorized app stores, typically on shady websites, because they offer free, counterfeit versions of popular apps.

Although Google can deploy several anti-malware measures, these solutions are typically used after infections have already begun, not as a way to prevent them. Applications are run through Google Bouncer to check whether they are malicious. The infections are possible because of existing, well-known vulnerabilities in older versions of Android running on a large number of devices that were never patched. The root cause of most Android malware therefore appears to be Android’s lack of a stable updating model. For devices that don’t get updated, Google can only try to keep those vulnerabilities in check through new app and process sandboxes that limit the damage done by future exploits, as well as by classifying existing malware and trying to stop it from installing on other devices through the Verify Apps service. Although these solutions may seem “good enough,” the vulnerabilities never get patched, which means Google must play a game of cat and mouse with malware creators, who will keep finding new ways to exploit unpatched vulnerabilities.
