Gooligan Malware Spreading Like Wildfire
A new malware known as “Gooligan” is infecting 13,000 Android phones each day, according to Check Point, a cybersecurity firm headquartered in San Carlos, CA. Over one million smartphones have already been infected, making Gooligan the biggest security breach that Android has ever experienced. Do you need to worry? Read on...
What is the Gooligan Android Malware?
Gooligan is a rapacious program. Once installed on a phone, it collects data about the device and uploads it to a command-and-control server. Simultaneously, it downloads a rootkit package that unlocks all security constraints on the device, rendering it wide-open to further manipulation.
Gooligan then uses the authentication tokens stored on victim devices to hack into the owner’s Google account. Now the malware controls everything tied to the victim’s Google account -- Google Play, Gmail, Google Photos, Google Docs, Google Drive, and other resources accessed by the Google account credentials.
Gooligan also downloads and installs adware to generate revenue for its masters. Another revenue stream comes from installing apps from Google Play, then giving them high ratings to boost their reputations. Unscrupulous app developers will pay for such a competitive advantage. If you wonder why your Google ID is endorsing an app you didn’t know you had, you may have a Gooligan infection.
Gooligan even bites the hands that feed it. The malware sends fake device identification info to Google Play, enabling it to install the same app twice and double its ad revenue.
Gooligan infects phones mainly via two vectors. Phishing campaigns may trick users into clicking on a link in an email or Web page that secretly downloads and installs Gooligan. The infection may also be acquired by intentionally installing apps from sources other than the official Google Play app store.
How to Protect Against Gooligan
Security software can help detect phishing attempts, but it won’t keep users from willingly installing Gooligan-infected apps. By default, Android does not allow downloads of apps from sources other than Google Play because Google has not vetted them. But a user can disable this protection in Android’s settings (an option not available to Apple fans). Many do so at the urging of bad actors who promise tempting apps that are not available on Google Play. What these users get, instead, is often malware like Gooligan.
Gooligan can infect devices that are running Android 4 and 5, also known as Android Jelly Bean, KitKat, and Lollipop. The bad news is, more than 75% of Android devices are running these older Android versions. You can blame cellular carriers (Verizon, AT&T, Sprint and T-Mobile) who don’t push out Android updates to their customers’ devices.
Check Point has created an online tool that will tell you if your device is infected with Gooligan. Just go to the tool’s page and enter the Google Mail address associated with the device.
If your device is infected with Gooligan, the only cure is to install a clean version of Android. That’s a complex task that is best done by a qualified service technician. Head to your local phone store, or the place where you purchased the phone, for help with that.
Even if you don’t have a Gooligan infection and are running a current version of Android, I urge you to double-check your phone or tablet's security settings to be sure they cannot download apps from sketchy sources. Go to your device’s Settings, then tap the Security option. If the “Unknown Sources” option is turned ON, then turn it off. That will make it impossible to install apps from sources other than the Google Play app store.
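If you look after several Android devices and are comfortable with a command line, the two checks described above (is the device on Android 4 or 5, and is “Unknown Sources” on) can be read over USB. The script below is an added example, not part of the original article or any vendor tool; it assumes the Android adb tool is installed and USB debugging is enabled, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: flag devices exposed to the two risk factors in the article.

# classify RELEASE UNKNOWN_SOURCES -> prints one verdict word.
#   RELEASE          Android release string, e.g. "5.1.1"
#   UNKNOWN_SOURCES  "1" = on, "0" = off, anything else = could not be read
classify() {
    case "$1" in
        4|4.*|5|5.*) affected=yes ;;   # versions the article lists as affected
        *)           affected=no ;;
    esac
    case "$2" in
        1) sideload=yes ;;
        0) sideload=no ;;
        *) sideload=unknown ;;
    esac
    if [ "$affected" = yes ] && [ "$sideload" = yes ]; then echo HIGH
    elif [ "$affected" = yes ]; then echo AFFECTED_VERSION
    elif [ "$sideload" = yes ]; then echo SIDELOADING_ON
    elif [ "$sideload" = unknown ]; then echo CHECK_MANUALLY
    else echo OK
    fi
}

# unknown_sources SERIAL -> prints 0, 1 or "null".
# The setting lives in the "secure" or "global" namespace depending on the
# Android release, so both are tried.
unknown_sources() {
    for ns in secure global; do
        v=$(adb -s "$1" shell settings get "$ns" install_non_market_apps \
            </dev/null 2>/dev/null | tr -d '\r')
        case "$v" in 0|1) echo "$v"; return 0 ;; esac
    done
    echo null
}

# audit_devices: one line per attached device that has authorized this computer.
audit_devices() {
    command -v adb >/dev/null 2>&1 || { echo "adb not found" >&2; return 2; }
    adb devices | awk 'NR>1 && $2=="device" {print $1}' | while read -r serial; do
        rel=$(adb -s "$serial" shell getprop ro.build.version.release \
            </dev/null | tr -d '\r')
        unk=$(unknown_sources "$serial")
        printf '%s\tAndroid %s\tunknown_sources=%s\t%s\n' \
            "$serial" "$rel" "$unk" "$(classify "$rel" "$unk")"
    done
}

if [ "${1:-}" = "--audit" ]; then audit_devices; fi
```

Run it with --audit to check every attached device. A verdict of CHECK_MANUALLY means the setting could not be read over adb, so look at the Security screen on the device itself.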
If you have an iPhone or iPad, Gooligan won't be a concern for your gadget. But 80% of all smartphones are powered by the Android operating system. I'm sure you have friends and family that would thank you for sending them a link to this article by email, Facebook or Twitter.
This article was posted by Bob Rankin on 5 Dec 2016
Copyright © 2005 - Bob Rankin - All Rights Reserved