Android Gooligan Malware

What is Gooligan

Gooligan is malware that is spreading across the internet and affecting users of Android devices. It is a variant of an earlier piece of malware, Ghost Push, which was created in 2015 and infected over four million devices.

Since its creation in 2016, Gooligan is estimated to have infected over 1.3 million devices running the Android operating system.

Infection occurs through downloading an App from a third-party App store.  The unsuspecting user, rather than downloading the App they expected, downloads a program that then infects their device and uses their Google credentials to access their Google account.

Rather than distributing the device owner’s personal data, the software downloads other Apps (belonging to the Gooligan authors) using information on the user’s Google account, which in turn generates a huge amount of advertising revenue for them. It is estimated that, to date, more than $300K a month is being generated.

The bad news, however, is that having gained access to the user’s account, the virus authors can potentially access other Google-related services such as Gmail, Google Drive, Photos, Google Docs and any other data that the user may have stored within their Google account, potentially getting their software to “dump” the user data to other servers for later “use”.

Google Action

Now, Google are working with Android App developers to try and quash the application – which may take some time as the “playing ground” is huge.

Android Version 6 and Above

Roughly 73% of Android users are running Android 4 or 5 (Jelly Bean, KitKat or Lollipop), which are the versions containing the exposure through which the malware embeds itself.

The good news is that any device currently running version 6 (or above) of the Android operating system is safe from this exposure.

Protect Yourself

The usual rules apply to protecting yourself from these sorts of exposures:

1. Only download apps from the App store; do not use third-party app stores (no matter how attractive they make the offer).

2. Do not download apps from emailed links.

3. Run a mobile anti-virus program from a Tier 1 anti-virus provider.

4. Routinely perform a scan of your device to ensure that you haven’t already been infected.

5. Keep your device up to date with App and operating system patches and updates.
