This article is for users of Android devices. In it, we will learn about a piece of malware named Gooligan. According to researchers from Check Point, an Israel-based security firm, this malware has been found in 86 apps on third-party marketplaces. Over a million devices are already infected by this malware, which compromises Google account data on these devices and gives the attackers access to the user's Gmail, Google Photos, Google Docs, Google Play, and other Google services. In short, Gooligan steals the data on your phone and hands it to the attackers.
Gooligan has infected more than a million devices in the past few months, and new devices are being infected every day. So, be aware of it.
This malware mainly targets Android versions 4 and 5. Devices running Google's Android versions Ice Cream Sandwich, Jelly Bean, KitKat, and Lollipop, which account for approximately 70 percent of all Android users, are at risk of being infected by Gooligan. Once this malware gets onto your device, it steals all your personal details and gains full permissions on your Android device.
Important facts about Gooligan malware.
Google, Android, and Check Point have been working together to minimize the threat created by Gooligan. Check Point is working with Google because it believes this is the largest Google account breach to date, and that it is the first time in the history of Android that a single piece of malware has breached a million Google accounts, stolen users' personal data, and handed it to attackers. It is the most powerful malware because, once it gets onto a user's device, it takes full control of the device and is also able to download apps from Google and comment on those apps. It also allows attackers to attack the user's device and steal all of the user's data.
On the other hand, Android engineer Adrian Ludwig said in a blog post that there's no evidence Gooligan has accessed users' data or targeted specific users. Google uses a service called Verify Apps to detect signs of malware in apps downloaded from third-party app stores. According to Ludwig, Gooligan belongs to a family known as 'Ghost Push', which tries to download other apps. Ludwig also says that Google has been removing malicious apps associated with the 'Ghost Push' family of malware from the Google Play store and restoring security.
Check Point says that over half of the infected devices are in Asia, with about 20 percent in the Americas. It also says that two of the 86 apps infected by Gooligan have Chinese names.
Asia: 57 percent approx
America: 20 percent approx
Africa: 15 percent approx
Europe: 9 percent approx
These figures show that Asia is the region most affected by Gooligan. So, be careful of this malware.
How Gooligan works on Android devices
According to Check Point, the malware can be installed either by downloading one of the 86 infected fake apps from a third-party app store or by falling for a phishing scam, such as clicking on a fraudulent or spam link in an email. Here is the list of apps infected by Gooligan, according to Check Point.
- com.so.itouch
- com.fabullacop.loudcallernameringtone
- Kiss Browser
- Weather
- Chrono Marker
- Slots Mania
- Multifunction Flashlight
- So Hot
- HotH5Games
- Swamm Browser
- Billiards
- TcashDemo
- Sexy hot wallpaper
- Wifi Accelerate
- Simple Calculator
- Daily Racing
- Talking Tom 3
- com.example.ddeo
- Test
- Hot Photo
- QPlay
- Virtual
- Music Cloud
- YouTube Downloader
- KXService
- Best Wallpapers
- Smart Touch
- Light Advanced
- SmartFolder
- youtubeplayer
- Beautiful Alarm
- PronClub
- Detecting instrument
- Calculator
- GPS Speed
- Fast Cleaner
- Blue Point
- CakeSweety
- Pedometer
- Compass Lite
- Fingerprint unlock
- com.browser.provider
- Assistive Touch
- OneKeyLock
- Wifi Speed Pro
- Minibooster
- Flashlight Free
- memory booster
- Touch Beauty
- Demoad
- Small Blue Point
- Battery Monitor
- 清理大师
- UC Mini
- Shadow Crush
- 小白点
- tub.ajy.ics
- Memory Booster
- phone booster
- Setting Service
- Wi-fi Master
- Fruit Slots
- System Booster
- Direct Browser
- FUNNY DROPS
- Puzzle Bubble-Pet Paradise
- GPS
- Light Browser
- Clean Master
- Perfect Cleaner
- Demo
- WiFi Enhancer
- Snake
- gla.pev.zvh
- Html5 Games
- Demm
- memory booster
- แข่งรถสุดโหด
- StopWatch
- Clear
- ballSmove_004
Once Gooligan is installed on your device, it tries to steal authentication tokens for the user's Google account, which allow it to access the account without a password. The malware also posts fake reviews and downloads other apps.
Once downloaded, the malware sends device data back to its command and control (C&C) server. According to Check Point researchers, once the security hole is exploited, Gooligan injects malicious code into the phone that gives it cover from detection.
Google says that devices with the security patches won't be affected. The malware was first detected last year (2015) in the SnapPea app, which allows you to control your Android device from a PC.
According to Check Point researchers, "after achieving root access on your device, Gooligan downloads a new, malicious module from the C&C server and installs it on your device. This module injects code into your device and running Google Play or Google-related services to fake user behavior so Gooligan can avoid detection."
This module allows Gooligan to:
1. Steal your personal data, your email account password, and the data in your Gmail account.
2. Install apps from the Google Play store without your permission, rate them to raise their reputation, and post fake reviews from your Google account.
3. Install adware to generate revenue.
How to check whether your Google account is infected by Gooligan
To let you check whether your Google account has been breached by Gooligan, Check Point created a site where you enter your email address and then click the Check option.
To check whether your Google account has been breached by Gooligan, click here.
After opening the link above, enter your email address and click the Check option to see whether your Google account has been breached. The figure is shown below.
If your account was breached, it means your Google account and device were affected by Gooligan.
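A device-side check to go with the account check above, as an added example that is not from the original article or from Check Point. It triages the text output of `adb shell pm list packages -3 -i` and `adb shell getprop ro.build.version.release` against the package identifiers in the list above, the Play Store installer, and the targeted Android versions; the function names and the sample device output are constructed for illustration.

```python
import re

# Package-style identifiers copied from the article's list of infected apps.
# The other entries in that list are display names, which `pm` does not report.
LISTED_PACKAGES = {
    "com.so.itouch",
    "com.fabullacop.loudcallernameringtone",
    "com.example.ddeo",
    "com.browser.provider",
    "tub.ajy.ics",
    "gla.pev.zvh",
}
PLAY_STORE_INSTALLER = "com.android.vending"
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_packages(pm_output):
    """Map package name -> installer from `pm list packages -3 -i` output."""
    packages = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            packages[match.group(1)] = match.group(2)
    return packages


def triage(pm_output, android_release):
    """Return findings for one device; android_release is e.g. '5.1.1'."""
    packages = parse_packages(pm_output)
    major = int(android_release.split(".")[0])
    return {
        "listed_apps": sorted(p for p in packages if p in LISTED_PACKAGES),
        "not_from_play": sorted(
            p for p, src in packages.items() if src != PLAY_STORE_INSTALLER
        ),
        "targeted_os": major in (4, 5),  # versions the article says are targeted
    }


# Constructed sample output (not captured from a real device).
SAMPLE_PM_OUTPUT = """\
package:com.so.itouch  installer=null
package:org.example.notes  installer=com.android.vending
package:net.example.player  installer=com.example.thirdpartystore
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PM_OUTPUT, "5.1.1"))
```

A hit in `listed_apps` is an indicator to act on, while an empty result does not clear a device, because the article notes that Gooligan hides itself once it has root access.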
How to remove Gooligan malware and how to protect yourself from it
- If your account has not been breached and you want to know how to protect your Android device from Gooligan, simply follow these steps.
Always use the Google Play store to download apps on your Android device, where all the apps are certified.
Do not trust any third-party application. Always keep app verification on to protect your account from breaches. The service known as Verify Apps will stop the installation of Gooligan and warn the user about the threat.
- If your account has been breached and you want to know how to remove this malware from your phone, follow these steps.
If your device is infected by this malware, a clean installation and a new account password are recommended. An infected device will require 'flashing', which is a clean installation of the operating system.
This is a complex process. The first step is to root your phone. If you don't know how to root your phone, CLICK HERE
How to root an Android phone without using a computer
After successfully rooting your phone, download a new ROM and flash it onto your Android device. After flashing the new ROM, you will need to change your Google account password; otherwise your new ROM will also be affected by Gooligan.
If you don't know how to flash a ROM on Android devices, wait for my next article on Android devices.