A new type of malware is doing the rounds, and it has already infected 1 million Android devices. Dubbed Gooligan, this malware roots Android, giving the hackers full control of people’s devices. Anyone with an Android running Jelly Bean, KitKat, or Lollipop is currently at risk.
As discovered by security firm Check Point Software Technologies, Gooligan first emerged in August. Since then it has wormed its way onto 1 million Android devices, currently infecting around 13,000 devices every day.
Gooligan is present in at least 86 Android apps available from third-party marketplaces. It can also find its way onto your phone or tablet if you blindly click on a seemingly innocent malicious link. Once installed, Gooligan will wreak havoc by rooting your device.
Once your device has been rooted, Gooligan will download and install software capable of compromising the authentication tokens your device uses to access Google services. Those at risk include Gmail, Google Drive, Google Photos, Google Docs, and more.
Gooligan Boosts Google Play Ratings
The authors of Gooligan could conceivably use it in a number of different ways, including accessing your private data. However, it appears they’re actually using Gooligan to game Google Play, downloading apps and leaving 5-star reviews in order to boost the ratings of those apps. The reason? Money, of course, as this process generates serious revenue.
Google is already on the case, with Android security engineer Adrian Ludwig explaining:
“We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall. These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.”
If you own an Android device running on anything older than Android 6.0 (Marshmallow) you should do two things: 1. Use this Check Point tool to see whether your Google account has been compromised, and 2. View the list of fake apps infected by Gooligan so you know what to avoid.
And, as always, you should use common sense when installing apps or clicking on blind links.
Have you been affected by Gooligan? Is this the first Android malware you have encountered? Does Google need to do more to protect Android users? Is Android’s level of fragmentation harming security? Please let us know in the comments below!