1 Million Android Devices Infected With Gooligan Malware

1 Million Android Devices Infected With Gooligan Malware.

• Over 1 Million Android Devices are Infected.
• Mostly Asian users are affected.
• Security researchers of Checkpoint found and reported to Google.

Gooligan Malware targets in Android versions 4 and 5 (Jelly Bean, Kit Kat, and Marshmallow) Vulnerability and spreads through third party apps.

Checkpoint security researchers found Android Malware also they reached to Google Security team and given information about the Gooligan Malware campaign.

"We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall." said Adrian Ludwig, Google’s director of Android security. "These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.

The malware isn’t accessing any personal emails or files. When the Android Security team scanned the affected accounts, it found no evidence of the malware accessing data or otherwise using the token for fraud. There was also no evidence of the malware targeting any particular people or organizations.

How Gooligan Malware works?

Image by Checkpoint

Affected Users:

Over 57% Asia , 19% Americans, 15% Africa and 9 % Europe users are affected. Security researchers first encountered Gooligan’s code in the malicious SnapPea app last year. At the time this malware was reported by several security vendors, and attributed to different malware families like Ghostpush, MonkeyTest, and Xinyinhe.

Gooligan Still Growing Threat

Graph by Checkpoint

How do you know if your Google account is breached?

You can check if your account is compromised by accessing the following web site that we created:  https://gooligan.checkpoint.com/.

If your account has been breached, the following steps are required:

A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.”
Change your Google account passwords immediately after this process.

A Full list of Fake Apps infected with Gooligan Malware by CheckPoint

• Perfect Cleaner
• Demo
• WiFi Enhancer
• Snake
• gla.pev.zvh
• Html5 Games
• Demm
• memory booster
• แข่งรถสุดโหด
• StopWatch
• Clear
• ballSmove_004
• Flashlight Free
• memory booste
• Touch Beauty
• Demoad
• Small Blue Point
• Battery Monitor
• 清理大师
• UC Mini
• Shadow Crush
• Sex Photo
• 小白点
• tub.ajy.ics
• Hip Good
• Memory Booster
• phone booster
• SettingService
• Wifi Master
• Fruit Slots
• System Booster
• Dircet Browser
• FUNNY DROPS
• Puzzle Bubble-Pet Paradise
• GPS
• Light Browser
• Clean Master
• YouTube Downloader
• KXService
• Best Wallpapers
• Smart Touch
• Light Advanced
• SmartFolder
• youtubeplayer
• Beautiful Alarm
• PronClub
• Detecting instrument
• Calculator
• GPS Speed
• Fast Cleaner
• Blue Point
• CakeSweety
• Pedometer
• Compass Lite
• Fingerprint unlock
• PornClub
• com.browser.provider
• Assistive Touch
• Sex Cademy
• OneKeyLock
• Wifi Speed Pro
• Minibooster
• com.so.itouch
• com.fabullacop.loudcallernameringtone
• Kiss Browser
• Weather
• Chrono Marker
• Slots Mania
• Multifunction Flashlight
• So Hot
• Google
• HotH5Games
• Swamm Browser
• Billiards
• TcashDemo
• Sexy hot wallpaper
• Wifi Accelerate
• Simple Calculator
• Daily Racing
• Talking Tom 3
• com.example.ddeo
• Test
• Hot Photo
• QPlay
• Virtual
• Music Cloud