Android Users Beware: Gooligan Malware Just Hacked A Million Google Accounts! Here’s How To Scan Your Smartphone For The Android Malware!

Did you just download any arbitrary app from the Internet? Well, if you did then you may also be a victim of the notorious Gooligan Malware, which has reportedly hacked more than a million Google Accounts. The news may be shocking for some android users but that's the harsh truth. Check Point Software Technologies Ltd, a Cyber security firm announced on Wednesday that the Malware has been breaching 13,000 devices every day.

The Gooligan malware attacks the older Android Phones and is spread on to other smartphones through numerous phishing campaigns as well as malware installed using third party apps. Here's what we know about the malware so far:

Gooligan Malware: How Does It Spread?

Hackers have accessed 1.3 million Google accounts in "Gooligan" attack. Here's how to see if you're affected: https://t.co/8yeZnOnG4g

— KTLA (@KTLA) December 1, 2016

The malware gets installed on a smartphone once the user installs a third party app from some unknown source over the internet. Although Google warns users to not install third-party apps, most of us choose to do so. According to reports, the malware has been traced back to a number of third party apps including "Wi-Fi Enhancer", "GPS", "Battery Monitor", and more. There's even a replica of "Google" on the third-party Android app stores, which has been reported to contain the malware.

Gooligan Malware has been reported to attack devices running on Android 4 (Jelly Bean/ KitKat) as well as Android 5 (Lollipop). These older Android Versions cover more than 74% of Android market devices, with most of them in Asia. The malware can also spread via an installation of apps from links sent by text messages. Check Point researchers also claim that Gilligan installs more than 30,000 apps on breached devices every day.

Gooligan Malware: How Does it Work?

Over 1 Million #Google Accounts Hacked by 'Gooligan' #Android Malware — Check If You're Affected! https://t.co/dmK7fodl99 pic.twitter.com/6e6AbdkSMn — The Hacker News (@TheHackersNews) November 30, 2016

After an infected third party app is installed on a smartphone, the malware sends data about the device to its Command and Control server. A rootkit is then downloaded from the server that takes advantage of older Android versions' exploits including VROOT and Towelroot. If the rooting is completed successfully, the hacker then can execute commands remotely on the smartphone.

A malicious module is also downloaded by the Gooligan Malware which allows the attacker to steal user's Google account details, Install apps and rate them and also Install adware so as to generate revenue for the attacker.

Gooligan Malware: How to Scan Your Smartphone?

Alright, can admit Gooligan is solid naming (rest of the news isn't so light). https://t.co/emkIo53KAK

— Ars Technica (@arstechnica) December 1, 2016

To check whether your account was breached or not, all you need to do is access the web site: https://gooligan.checkpoint.com/. The website was developed by Checkpoint and searches Google PlayStore for recent activity from your email address. If any malicious activity is detected it informs you.

However, just in case your account gets reported to have been breached by the Gooligan Malware, you need to flash your smartphone. As Flashing is a complex process, you can also go to a proper technician or someone with knowledge to get it done. Google Account Passwords and also the linked passwords should be changed immediately.

Checkpoint has identified a number of apps which have been infected by the Malware, you can find the list here. Also so as to prevent any such further attack, the apps should be downloaded only from the PlayStore. This can be done by changing the App Settings and removing the option for unknown third party installation. Stay tuned to SWR for more news and updates on the Gooligan Malware.