Gooligan Malware Spreading Like Wildfire

Category: Security

A new malware known as “Gooligan” is infecting 13,000 Android phones each day, according to Check Point, a cybersecurity firm headquartered in San Carlos, CA. Over one million smartphones have already been infected, making Gooligan the biggest security breach that Android has ever experienced. Do you need to worry? Read on...

What is the Gooligan Android Malware?

Gooligan is a rapacious program. Once installed on a phone, it collects data about the device and uploads it to a command-and-control server. Simultaneously, it downloads a rootkit package that unlocks all security constraints on the device, rendering it wide-open to further manipulation.

Gooligan then uses the authentication tokens stored on victim devices to hack into the owner’s Google account. Now the malware has access to all of the victim’s Google services -- Google Play, Gmail, Google Photos, Google Docs, Google Drive, and other resources accessed by the Google account credentials.

Gooligan also downloads and installs adware to generate revenue for its masters. Another revenue stream comes from installing apps from Google Play, then giving them high ratings to boost their reputations. Unscrupulous app developers will pay for such a competitive advantage. If you wonder why your Google ID is endorsing an app you didn’t know you had, you may have a Gooligan infection.

Gooligan even bites the hands that feed it. The malware sends fake device identification info to Google Play, enabling it to install the same app twice and double its ad revenue.

Gooligan infects phones mainly via two vectors. Phishing campaigns may trick users into clicking on a link in an email or Web page that secretly downloads and installs Gooligan. The infection may also be acquired by intentionally installing apps from sources other than the official Google Play app store.

How to Protect Against Gooligan

Security software can help detect phishing attempts, but it won’t keep users from willingly installing Gooligan-infected apps. By default, Android does not allow downloads of apps from sources other than Google Play because Google has not vetted them. But a user can disable this protection in Android’s settings (an option not available to Apple fans). Many do so at the urging of bad actors who promise tempting apps that are not available on Google Play. What these users get, instead, is often malware like Gooligan.

Gooligan can infect devices that are running Android 4 and 5, also known as Android Jelly Bean, KitKat, and Lollipop. The bad news is, more than 75% of Android devices are running these older Android versions. You can blame cellular carriers (Verizon, AT&T, Sprint and T-Mobile) who don’t push out Android updates to their customers’ devices.

Check Point has created an online tool that will tell you if your device is infected with Gooligan. Just go to the tool’s page and enter the Google Mail address associated with the device.

If your device is infected with Gooligan, the only cure is to install a clean version of Android. That’s a complex task that is best done by a qualified service technician. Head to your local phone store, or the place where you purchased the phone, for help with that.

Even if you don’t have a Gooligan infection and are running a current version of Android, I urge you to double-check your phone or tablet's security settings to be sure it cannot download apps from sketchy sources. Go to your device’s Settings, then tap the Security option. If the “Unknown Sources” option is turned ON, then turn it off. That will make it impossible to install apps from sources other than the Google Play app store.
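If you look after several phones, the same two checks (Android version and the Unknown Sources switch) can be read over adb. This script is an added example, not part of the original article; it assumes adb is installed with USB debugging authorized, that the switch is stored under the `install_non_market_apps` settings key, and the verdict labels are made up for illustration.

```shell
#!/bin/sh
# Added example: checks the two exposure conditions named in the article
# (Android 4.x/5.x and the Unknown Sources switch). Verdict labels are hypothetical.

# classify_exposure RELEASE UNKNOWN_SOURCES
#   RELEASE          value of ro.build.version.release, e.g. "5.1.1"
#   UNKNOWN_SOURCES  "1" when Unknown Sources is turned on
classify_exposure() {
    major=${1%%.*}                      # "5.1.1" -> "5"
    case "$major" in
        4|5) affected=1 ;;              # versions the article lists as infectable
        *)   affected=0 ;;
    esac
    if [ "$affected" -eq 1 ] && [ "$2" = "1" ]; then
        echo "HIGH"
    elif [ "$affected" -eq 1 ]; then
        echo "VERSION_AFFECTED"
    elif [ "$2" = "1" ]; then
        echo "SIDELOADING_ENABLED"
    else
        echo "OK"
    fi
}

# The key sits in the "global" namespace on Android 4.2-4.4 and in
# "secure" on 5.x, so both are queried; adb may append a carriage return.
read_unknown_sources() {
    for ns in secure global; do
        v=$(adb shell settings get "$ns" install_non_market_apps 2>/dev/null | tr -d '\r')
        if [ "$v" = "1" ]; then echo 1; return; fi
    done
    echo 0
}

audit_device() {
    release=$(adb shell getprop ro.build.version.release | tr -d '\r')
    unknown=$(read_unknown_sources)
    echo "android=$release unknown_sources=$unknown verdict=$(classify_exposure "$release" "$unknown")"
}

# Talks to a device only when called as: sh check.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_device
fi
```

A verdict of VERSION_AFFECTED means the switch is off but the phone still runs one of the Android versions the article lists, so the phishing route described earlier still applies.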

If you have an iPhone or iPad, Gooligan won't be a concern for your gadget. But 80% of all smartphones are powered by the Android operating system. I'm sure you have friends and family that would thank you for sending them a link to this article by email, Facebook or Twitter.


This article was posted by on 5 Dec 2016


Most recent comments on "Gooligan Malware Spreading Like Wildfire"

Posted by:

Craig Beard
05 Dec 2016

Thanks for the heads-up on this, Bob. I shared it with friends and family. I noticed that the Gooligan Checker is connected with Checkpoint, maker of ZoneAlarm (which offers free antivirus and firewall). How do those -- especially the AV -- stack up with others?

Posted by:

05 Dec 2016

Thank you so much for your newsletter and warnings. I have been reading it for many years and I appreciate all the research you put into it. Your information about computer threats is especially helpful. The Gooligan Checker showed I was not infected, giving me a little peace of mind. Keep up the good work!
Paula M.

Posted by:

05 Dec 2016

Are we saying that "Lookout" and other security apps won't protect against this? This would be bad news because sometimes even good webpages get hit with 'advertisements' that end up being bad sites. We need that protection.

Posted by:

05 Dec 2016

Thank you for the simple and concise explanations of the problems and the remedies. I may feel 147% smarter today.

Posted by:

05 Dec 2016

Thank you once again for keeping me updated. I went into settings on my phone and there was an update (no notification) which I installed. Thanks for the link to check for Gooligan, too. You rock!!!

Posted by:

05 Dec 2016

Thanks for the heads up on this new virus. I really appreciate your time and research on this. These articles are extremely helpful to me and keep up the good work.

Posted by:

Bob K
05 Dec 2016


I want to thank you for all that you do!
-Bob K

Posted by:

john silberman
05 Dec 2016

RE: "The bad news is, more than 75% of Android devices are running these older Android versions. You can blame cellular carriers (Verizon, AT&T, Sprint and T-Mobile) who don’t push out Android updates to their customers’ devices."

You can also blame the manufacturers constantly dumping new products. I have a MOTO G3, less than a year old and Motorola/Lenovo have already terminated any future upgrades as promised when the phone was first released. Fortunately, I have Android 6.0.

Posted by:

Kenneth Heikkila
05 Dec 2016

Glad I stuck with iPhone. Timely updates every time.

Posted by:

06 Dec 2016

I think that many will turn off the protection to get apps from Amazon who through their Underground scheme can have "free" versions that are chargeable on Google Play. Some are "completely free" meaning in-game purchases are also free. Maybe Android needs a whitelisting to allow installs from known "good" sites instead of just Google Play? But then again sometimes some of these sneakies get in via the approved routes too.

Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Gooligan Malware Spreading Like Wildfire (Posted: 5 Dec 2016)