Jump to content

Gooligan Malware Breaches 1 Million Google Accounts


Recommended Posts



"Android malware called Gooligan is being blamed for 1 million breached Google accounts. The malware is still active, according Check Point Software Technologies, and is responsible for an additional 13,000 new breaches of Android devices daily.


“We believe that it is the largest Google account breach to date,” Check Point wrote in a technical overview of the malware.


In a blog post, Adrian Ludwig, Google’s director of Android security, acknowledged the mass infections and identified Gooligan as a variant of Ghost Push malware first identified in 2014. Check Point said it also recognizes Gooligan as a variant of the Android malware campaign found by its researchers last year that was part the malicious Windows backup application SnapPea.


Check Point reported Wednesday that at least 86 Android apps available in third-party marketplaces were laced with Gooligan malware that ultimately allowed hackers to breach Google accounts. Check Point said attackers are enticing victims to download free versions of popular paid Android apps via third-party app stores hosting Gooligan-infected apps such as StopWatch, Flashlight Free and Pedometer.


“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device,” Check Point researchers wrote. “Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages.”


Vulnerable Android handsets include devices running OS versions 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and 5 (Lollipop). Check Point estimates 74 percent of Android devices in use today are vulnerable to the malware. Once a malicious Gooligan app is installed on a vulnerable device, attackers can push either the rootkit VROOT or Towelroot from a command-and-control server."


You can check if your account is compromised with your email address here: https://gooligan.checkpoint.com/


For all the active links and info go here: https://threatpost.com/gooligan-malware-breaches-1-million-google-accounts/122195/

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...