Gooligan App-Installing Malware Infects 1 Million Android Devices, But Google Says Personal Files And Email Are Safe
New malware dubbed "Gooligan," part of the "Ghost Push" collection of potentially harmful apps (PHAs), has infiltrated more than 1 million Android devices.
The Gooligan malware campaign first surfaced back in August and is currently infecting roughly 13,000 Android devices per day, according to security firm Check Point.
In the few months since August, the hackers behind the malware have managed to compromise more than 1 million Google accounts with this fraudulent advertising scheme, which involves malicious app downloads.
How It Works
The Gooligan malware infects devices after users install software that looks legitimate but is actually compromised. The software comes from unauthorized third-party sources, such as app stores other than Google Play. More than half of the compromised devices are in Asia, where third-party app stores are widely popular.
Once on board the device, the malware takes complete control at the deepest level — the root — stealing tokens that Google services such as Gmail use to authenticate users.
Check Point says that Gooligan can affect devices running older versions of Android, such as Android 4 (Jelly Bean and KitKat) and Android 5 (Lollipop).
"We have noticed that hundreds of the email addresses are associated with enterprise accounts worldwide," adds Check Point.
Private Emails And Files Are Safe
Google, on the other hand, says that the malware is not accessing any personal files or emails. The Android Security team scanned compromised accounts and found no evidence that Gooligan accessed data or fraudulently used the token.
"The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant," says Google.
The company adds that it found no evidence that Gooligan targeted specific users or enterprises. Moreover, Google says that fewer than 0.1 percent of affected accounts belonged to G Suite customers.
"Ghost Push is opportunistically installing apps on older devices," adds the company.
Instead, the goal of the malware seems to be altering Google Play app rankings. The malware doesn't seem to download Drive accounts or inboxes, but it installs apps from Google Play and leaves five-star ratings for those apps in the process. With more than 1 million Android devices infected by Gooligan, the malware can give a huge boost to the targeted app when it comes to Google Play Store ratings.
How To Check If Your Device Is Infected
If you've downloaded apps from unauthorized third-party app stores, you might want to check whether your Android device has been compromised. To do so, you can use the tool Check Point built to scan your device for the Gooligan malware. If the scan reveals evidence of an infection, you can remove the malware completely by reinstalling the device's operating system.
Devices running a newer version of Android released in the past year are safe from this malware, as Google already patched the vulnerability a while back. This means that if you have a new Android device such as the Samsung Galaxy S7 or an older Android device running Android 6 Marshmallow or newer, you're safe from Gooligan.
Protect Your Android Device
To avoid getting your device infected, it's best to install applications only from trusted sources such as Google Play.