Sunday , March 18 2018

More than 1 million Google accounts breached by new Android malware ‘Gooligan’


In a rather alarming statistic, Check Point Research has revealed that Android malware by the name of Gooligan has gotten around and breached upwards of a million Google accounts, and this figure is reportedly increasing by more than 13,000 accounts per day.

If you only use the Google Play Store to download apps and games, chances are your phone is safe. Also, if your phone runs Marshmallow or above, your phone is safe. If you’ve used a 3rd party app store, or downloaded apps from other potentially unsafe sources, you may well have been at risk, or worse, installed a Gooligan-infected app.

The vector for Gooligan to infect your phone is the same as most other Android malware; a user has to install an infected app from somewhere, and invariable they come from sources other than Google’s Play Store. Pirated apps are ripe for this kind of thing, as are unofficial, third party app stores which might offer paid apps for free download. Basically, if it looks too good to be true, you’re mad to install it on your phone.

Once installed, Gooligan can do all sorts of things, including collecting data about your phone, rooting your phone, and stealing your email accounts and authentication tokens (which gives them theoretical access to all your Google apps — like Photos, Drive, and Docs).

It gets worse, though. Gooligan can inject code into the Google Play Store which causes it to download infected, fraudulent apps. This makes those behind Gooligan a lot of money, because those hacked phones download and display ads inside fake apps, which unwitting users might not even know aren’t the real thing.

From what we understand from Check Point’s research, the majority of breached accounts are concentrated in Asia, but as many as 28% of them are located in the Americas and Europe.  To see if you’re compromised, head to the web site that Check Point created:

Unfortunately, this highlights one of the problems we’ve spoken about before, and with Android’s significantly more fragmented software experience (compared to the Apple-controlled iOS), there’s a lot of devices out there running older software which will never be updated to protect against things like this. With ‘safe’ versions of Android only on about 26% of phones as of last month, that still leaves 74% of Android devices potentially able to be infected and exploited. Of course, there’s a lot of other things that have to happen before an exploit can actually take hold, but such a high percentage of potential targets is worrying enough.

There is a silver lining, though. Even on older devices, Google’s “Verify Apps” feature is rather frequently used. Google hasn’t released specifics on what percentage of devices use the feature, but Check Point believes that up to 92% of active Android devices use this feature.

Even apps that aren’t downloaded from Google’s Play Store can be checked against Google’s database of known dodgy apps. The first time a user tries to install an app from a non-Play Store source, the user will be prompted to allow Google to verify the app, and in our experience, a good many users happily click Yes to this, thinking it enhances their security — and it does.


Chris Rowland   Editor and Publisher

Chris has been at the forefront of smartphone reporting in Australia since smartphones were a thing, and has used mobile phones since they came with giant lead-acid batteries that were "transportable" and were carried in a shoulder bag. He saw the transition from AMPS to GSM, loved the Motorola StarTac, and got into Palm technologies in a big way. The arrival some years later of the original iPhone, and then the early Androids, awoke a new interest in mobile technology, and Chris has been writing about it since.

Today, Chris publishes one of Australia's most popular technology websites, Ausdroid. His interests include mobile (of course), as well as connected technology and how it can make all our lives easier.

Join the Ausdroid Conversation

1 Comment on "More than 1 million Google accounts breached by new Android malware ‘Gooligan’"

newest oldest most voted
Ausdroid Reader

Why I never install apps from a third party unless I am really sure of it, or upgrading an existing app.

This shouldn’t really affect most users in Australia, especially the non techy ones.

Check Also

It appears phones running Android Auto can now be unlocked while connected

Android Auto is one of the more popular implementations of Android on devices, but it’s …