Home News Gooligan Android malware compromised one million Google accounts since August

Gooligan Android malware compromised one million Google accounts since August

A new Android malware named Gooligan strain has surfaced on the platform. As of writing this, the Gooligan strain malware is considered to be the single largest theft of Google accounts. Moreover, the malware prompts you to download software to gain access to the content.

According to reports, the Gooligan strain malware has infected more than one million Android smartphones since August. It works by stealing the tokens provided to the users to verify their accounts. As an end user, you will not know that the malware is secretly stealing your accounts.

What does Gooligan malware do?

The main purpose of Gooligan strain is to push users to download those apps, which are part of a huge advertising fraud scheme. You will view advertisement banners stating that you will win nearly $400000 per month if you participate in various schemes. However, the malware will not deeply sneak into the inboxes of users to steal data from Gmail or Docs during infection time.

The Gooligan malware is spreading like an alarming rate since the beginning of November. According to Check Point researchers, the malware has been spreading like a giant killer with an average of 13,000 new infections per day. Primarily, the malware enters the gadget when users visit a particular website and download a third-party app.

Michael Shaulov, head of mobile and cloud Security at Check Point revealed that the malware enters the smartphone through a porn site, an unreliable app. You will view banners to download particular software to access content. If you download, the malware enters your gadget.

Gooligan will be able to automatically locate the gadget infected by the malware. It will launch the relevant exploits to break into the phone. The malware grabs complete control of the gadget. To complete this process, hackers make use of long-known vulnerabilities, such as VROOT and Towelroot, on devices running Android 4 through 5.

After a smartphone has been infected with the malware, the account token of the Google account will be pushed to a remote server. The hacker will then make use of the token to gain access to Gmail, Docs, Drive, Photos and other data. Even if you enabled two-factor authentication, your account can still be compromised.

Nearly 40 percent of Gooligan strain malware infections are from Asia with 19 percent from the US. In Europe, nearly 12 percent of gadgets were infected with the malware.