‘Gooligan’ Android malware affects more than 1 million Google accounts

history of malware android
Android smartphone manufacturers aren’t the best at updating smartphones to the latest software from Google — that means older devices are more susceptible to attacks thanks to public vulnerabilities that haven’t been patched. Chances are your Android phone is running an older version and unfortunately, there is a malware campaign affecting more than 1 million Google accounts.

Security firm Check Point released information about malware dubbed “Gooligan,” which can steal your Gmail account and authentication information, install apps from Google Play, rate them without your consent, and install adware. The latter two is used to improve app store ratings and “generate revenue.”

The malware only infects devices when a user downloads and installs a “Gooligan-infected app” on a vulnerable Android device via a third-party app store or from malicious links — you’re fine if you only download from the Google Play Store and are using a newer Android device running Android 6.0 or higher.

“After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server,” the research team writes in a blog post. “Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits … These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.”

Unfortunately, nearly 74 percent Android devices run Android 4.2 Jellybean, Android 4.4 KitKat, and Android 5.0 Lollipop.

Adrian Ludwig, director of Android security at Google, said his team has been tracking a family of malware called “Ghost Push” since 2014. Ghost Push is a collection of potentially harmful apps (PHAs) that are the “most often downloaded outside of Google Play.”

“After they are installed, Ghost Push apps try to download other apps. For over two years, we’ve used Verify Apps to notify users before they install one of these PHAs and let them know if they’ve been affected by this family of malware.”

Verify Apps is an Android feature that scans devices for security threats and Google said it found more than 40,000 apps associated with the malware in 2015. Now, the company says Android detects and prevents installations of more than 150,000 variants of Ghost Push. Gooligan is one such variant of Ghost Push and Ludwig said his team has “worked closely” with Check Point to protect users.

As the motivation for Ghost Push apps is to promote apps and generate revenue, Ludwig says Google has found no evidence that user data has been accessed. There is also no evidence that a specific group of users or businesses were targeted. Google says it has improved the Verify Apps feature to protect users from these apps in the future — even if you try to install an infected app, your device will notify you and stop the installation. The search giant is also continually removing apps associated with the Ghost Push family on Google Play, as well as apps that have “benefitted from installs delivered by Ghost Push to reduce the incentive for this type of abuse.”

Google urges users to download apps from the Google Play Store so as to reduce the threat of installing a malicious app. For those accounts that have been compromised, Google has contacted users and revoked authentication tokens so that they can securely sign back in.

If you’re worried your account may be compromised, Check Point has a handy tool that lets you check. Just type in your email and hit “check” and the website will tell you if your account is safe or not.


Google flags preinstalled malware as hidden threat on millions of Android phones

Google flagged preinstalled malware on Android smartphones as a hidden threat. The team discovered that the Chamois malware was preloaded in 7.4 million Android devices, while the attention was on malware that people downloaded themselves.

Xbox's app lets you access your console while away from home. Here's how

Microsoft's Xbox allows you to access your profile information and launch media content directly from your mobile device. Check out our quick guide on how to connect your smartphone to an Xbox One.

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.

These are the 6 best -- and free -- antivirus apps to help protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.

Motorola One Action says goodbye to annoying vertical videos

The new midrange Motorola One Action features an ultra-wide-angle lens that means you can take horizontal video while filming vertically. Here's everything you need to know about the Motorola One Action.

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement or an unwanted trip to your local repair shop.

Critical Bluetooth security bug discovered. Protect yourself with a quick update

Researchers have discovered a major new security flaw in Bluetooth, which could leave millions of devices at risk of a malicious hack. The attack allows a hacker to “break” Bluetooth security without anyone knowing.

Score this Amazon-renewed Apple iPhone XS at a $350 discount

iPhones are pretty expensive pieces of technology, but if you don’t mind buying a renewed model, you can save quite a bit of money. Amazon is offering renewed unlocked versions of the Apple iPhone XS at a $350 discount.

Best smartwatch deals for August 2019: Samsung, Fitbit, and Apple Watch sales

Smartwatches make life easier by sending alerts right on your wrist. Many also provide fitness-tracking features. If you're ready to take the plunge into wearables and want to save money, here are the best smartwatch deals for August 2019.

Learn how to make your iPhone play local radio in iOS 13

Find out exactly how to use the Live Radio in iOS 13: Our guide will explain how iOS 13 connects to live radio, what commands to give, and how to revisit past stations. Enjoy your favorite live radio right from your iPhone.

Looking for a good cheap phone? Get the Samsung Galaxy A10 for $145 on Amazon

Samsung's A-Series lineup features phone models from the low-end to the mid-tier. One of its cheaper ones, the Galaxy A10, is perhaps watered-down specs-wise but still boasts enough workable features that make it recommendable.

These fraudulent Android apps were downloaded 8 million times

According to a new report from security research firm Trend Micro, a hefty 85 Android apps have been caught serving fraudulent ads that take over the user's screen -- and those apps have been downloaded 8 million times.

Score this Samsung Galaxy S9 Plus with a huge $101 discount at Amazon

If you're thinking about upgrading your phone and not willing to expend over $800 on the S10, the Samsung Galaxy S9 Plus is a great option. It's discounted by $101 at Amazon, dropping its price from $700 to only $599.
Social Media

Spice up your Instagram videos by adding your top tunes to the soundtrack

Have you ever taken a beautiful video, only to have it ruined by some jerk in the background yelling curse words? Here's a list of apps you can use to add your own music to Instagram posts as well as your Story.