‘Gooligan’ Android malware affects more than 1 million Google accounts

history of malware android
Android smartphone manufacturers aren’t the best at updating smartphones to the latest software from Google — that means older devices are more susceptible to attacks thanks to public vulnerabilities that haven’t been patched. Chances are your Android phone is running an older version and unfortunately, there is a malware campaign affecting more than 1 million Google accounts.

Security firm Check Point released information about malware dubbed “Gooligan,” which can steal your Gmail account and authentication information, install apps from Google Play, rate them without your consent, and install adware. The latter two is used to improve app store ratings and “generate revenue.”

The malware only infects devices when a user downloads and installs a “Gooligan-infected app” on a vulnerable Android device via a third-party app store or from malicious links — you’re fine if you only download from the Google Play Store and are using a newer Android device running Android 6.0 or higher.

“After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server,” the research team writes in a blog post. “Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits … These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.”

Unfortunately, nearly 74 percent Android devices run Android 4.2 Jellybean, Android 4.4 KitKat, and Android 5.0 Lollipop.

Adrian Ludwig, director of Android security at Google, said his team has been tracking a family of malware called “Ghost Push” since 2014. Ghost Push is a collection of potentially harmful apps (PHAs) that are the “most often downloaded outside of Google Play.”

“After they are installed, Ghost Push apps try to download other apps. For over two years, we’ve used Verify Apps to notify users before they install one of these PHAs and let them know if they’ve been affected by this family of malware.”

Verify Apps is an Android feature that scans devices for security threats and Google said it found more than 40,000 apps associated with the malware in 2015. Now, the company says Android detects and prevents installations of more than 150,000 variants of Ghost Push. Gooligan is one such variant of Ghost Push and Ludwig said his team has “worked closely” with Check Point to protect users.

As the motivation for Ghost Push apps is to promote apps and generate revenue, Ludwig says Google has found no evidence that user data has been accessed. There is also no evidence that a specific group of users or businesses were targeted. Google says it has improved the Verify Apps feature to protect users from these apps in the future — even if you try to install an infected app, your device will notify you and stop the installation. The search giant is also continually removing apps associated with the Ghost Push family on Google Play, as well as apps that have “benefitted from installs delivered by Ghost Push to reduce the incentive for this type of abuse.”

Google urges users to download apps from the Google Play Store so as to reduce the threat of installing a malicious app. For those accounts that have been compromised, Google has contacted users and revoked authentication tokens so that they can securely sign back in.

If you’re worried your account may be compromised, Check Point has a handy tool that lets you check. Just type in your email and hit “check” and the website will tell you if your account is safe or not.


Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.

Say goodbye to Uber for good: Here's how to cut ties with the ridesharing service

If you thought that deleting the Uber app would also delete your account, think again. You'll have to deactivate your account, then wait 30 days in order to do so. Here, we outlined how to delete your Uber account once and for all.

Here's how you can control your PS4 right from your phone

Sony built the PlayStation 4 with smartphone and mobile integration in mind. Take a look at our guide for connecting your smartphone or tablet to a PS4, so you can get the most out of the system while on the go.

Need a quick battery boost? Try one of our favorite portable chargers

Battery life still tops the polls when it comes to smartphone concerns. If it’s bugging you, then maybe it’s time to snag yourself a portable charger. Here are our picks for the best portable chargers.

You can now listen to Google Podcasts on your desktop without the app

The Google Podcasts app is no longer entirely necessary to listen to the podcasts it offers. With a simple tweak of the sharing URL, you can listen to a Google Podcasts podcast on your desktop or laptop without the app.

The Samsung Galaxy S10 5G might be a few short weeks away from launch

Samsung has announced a whopping four new Galaxy S10 devices, from the low-cost S10e to the triple-camera S10 and S10 Plus. But it's the Galaxy S10 5G that steals the show as it's among the first 5G-ready smartphones to hit the market.

T-Mobile goes after big cable companies, pilots wireless home internet service

In a shot at big cable companies, T-Mobile is launching a new pilot program to bring an unlimited wireless LTE home internet service to up to 50,000 homes across the United States by the end of 2019.

Type away on the best iPad keyboard cases, from the Mini to the Pro

Whether you're looking to replace your laptop with a tablet or merely want to increase your typing speed, a physical iPad keyboard is the perfect companion to the iPad. Check out our top picks for every available iPad model.

Apple patent suggests Apple Watch bands could have built-in fitness indicators

Apple may be exploring ways to make Apple Watch bands a little more useful. A new patent has been filed by Apple that suggests Apple Watch bands could eventually have indicators for things like fitness goals.

Apple patents hint at improved Apple Store and unboxing experiences

It looks like Apple is working on ways to improve the Apple Store and product unboxing experiences. The company has been awarded a few patents, largely for tech that can be used in product packaging to ensure products stay charged.

Fossil made a smartwatch in 2004, and it’s part of a new brand retrospective

Fossil has been making watches for 35 years, and to celebrate the anniversary, it has a new retrospective exhibit complete with the first smartwatch it made — the Wrist Net watch from 2004.

Make some time for the best smartwatch deals for March 2019

Smartwatches make your life easier by sending alerts right on your wrist. Many also provide fitness-tracking features. So if you're ready to take the plunge into wearables and want to save money, read on for the best smartwatch deals.

Fossil is working on a smartwatch with BMW, and it’s coming next year

Fossil, the watch company that makes smartwatches under its own name and partners with other major brands too, intends to launch a smartwatch with car manufacturer BMW in the future.