Gooligan: Android malware infected 1 million devices - but not a single iPhone!

Gooligan Android malware roots smartphones, hacks the user's Google account and independently downloads apps. Source image: Pixabay

Gooligan is a new Android malware that has infected and rooted a million devices since August 2016, hacking Google accounts in the process. Here I want to briefly explain what exactly Gooligan is, how the malware works and which apps you should avoid as an Android user. In addition, the new malware, which can basically get onto a smartphone quite easily, is once again an argument for using an iPhone instead ;)

TL;DR: If you just want to know whether your Android device is infected by Gooligan, click here!

A few facts and figures about Android malware

News of Gooligan is now slowly reaching Germany. According to the cyber security company Check Point, the Android malware is said to have already infected 1 million devices; up to 13,000 more are added every day. Gooligan mainly gets onto older Android versions and those without the latest patches. Versions 4 (Ice Cream Sandwich, Jelly Bean, KitKat) and 5 (Lollipop) are especially affected. According to current figures (November 2016), supplied by Android Police among others, these versions still account for a whopping 80.2% of all Android devices.

Gooligan hacked smartphones, installed apps and spied on users

According to Check Point, only 9% of the devices affected so far are in Europe - probably one reason why there are not many reports in this country. 19% of the affected devices are on the American continents, 15% in Africa and 57% in Asia. In all attacks, the hackers use a command and control server (C&C) to spread infected apps. In addition to third-party sites, some infected apps also come from the Google Play Store. Once installed, Gooligan reads data and roots the device. Then new system modules and apps are loaded, which can (automatically) be rated on behalf of the user.

Gooligan Android Malware is a variant of SnapPea, a malware that caused a stir last year. Here is an overview of how the malware hacked Google accounts, among other things. Image source: blog.checkpoint.com


But that's not all. The malware got its name mainly because it hacked the user's Google account and was able to use Gmail, Google Play, Google Drive, Google Docs, Google Photos and so on on behalf of the person concerned. For example, Gooligan can spread itself via email. In addition, individual apps are automatically rated with 5 stars and always the same comments. So if you find a game in the Play Store that has an extremely high number of 5 star ratings and everyone just says “Good Game”, you now know that something is wrong.
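The review pattern described above (almost only 5-star ratings, always with the same comment) can be checked mechanically. The following is an added example, not from the original article or from Check Point; the thresholds, function names and sample reviews are assumptions constructed for illustration.

```python
from collections import Counter
import re

# Thresholds are assumptions chosen for illustration, not values from Check Point.
MIN_REVIEWS = 20          # too few reviews gives no meaningful signal
FIVE_STAR_SHARE = 0.90    # share of all reviews that are 5 stars
DUPLICATE_SHARE = 0.50    # share of 5-star reviews carrying the same comment


def normalize(comment):
    """Lower-case and strip punctuation so 'Good Game!' equals 'good game'."""
    return re.sub(r"[^a-z0-9 ]+", "", comment.lower()).strip()


def review_signal(reviews):
    """reviews: list of (stars, comment) tuples. Returns a dict describing the signal."""
    total = len(reviews)
    five = [normalize(c) for stars, c in reviews if stars == 5]
    if total < MIN_REVIEWS or not five:
        return {"suspicious": False, "reason": "not enough data"}
    top_comment, top_count = Counter(five).most_common(1)[0]
    five_share = len(five) / total
    dup_share = top_count / len(five)
    return {
        # Both conditions must hold: a popular app alone is not suspicious,
        # and neither is one frequently repeated short comment.
        "suspicious": five_share >= FIVE_STAR_SHARE and dup_share >= DUPLICATE_SHARE,
        "five_star_share": round(five_share, 2),
        "duplicate_share": round(dup_share, 2),
        "top_comment": top_comment,
    }


# Constructed sample data (not real Play Store reviews).
BOOSTED = [(5, "Good Game")] * 40 + [(5, "good game!")] * 8 + [(1, "Ads everywhere")] * 2
ORGANIC = ([(5, "Love the puzzles")] * 6 + [(5, "Great on tablets")] * 5 +
           [(4, "Fun but short")] * 7 + [(3, "Okay")] * 4 + [(1, "Crashes")] * 3)

if __name__ == "__main__":
    for name, sample in (("boosted", BOOSTED), ("organic", ORGANIC)):
        print(name, review_signal(sample))
```

A positive result is only a hint that ratings were automated; it says nothing about whether the app itself is infected.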

Gooligan: this would not have happened to you on iOS

Software like the one described here can cause all kinds of damage - not only the hack and the possibly necessary resetting of the entire device system are annoying. Some malware also sends SMS messages on behalf of the user. If you have a flat rate and nobody answers them, then you may not even notice it. Without an SMS flat rate, however, you can quickly find yourself in a financial mess (I only mention that because it was only recently brought to my attention by those affected). If MMS messages are then added, it gets bad.

Such horror scenarios exist almost exclusively on Android. Apple's iOS and the other operating systems from the Cupertino developer are much better protected, being closed systems without a (simple) way to gain root. Only users who jailbreak and then download apps from dubious sources run the risk ... And even then, the target group is so small that hackers tend to focus on Android.

Gooligan Checker: Am I Affected by Android Malware?

As a credible cyber security company, Check Point offers a so-called Gooligan Checker as a service. The tool is very easy to use; you just enter the email address that is connected to your Android device and click on "CHECK". Then after a short check you will be told whether your smartphone is affected by Gooligan. You can find the Gooligan Checker through this link.

Screenshot of my check - luckily I have neither Android 4 nor 5;)

In which apps is Gooligan (possibly) hiding?

Check Point issued this list of partially infected apps. Under no circumstances should these be downloaded from third-party providers; get them only from the Play Store and, in case of doubt, in the latest version:

Source: blog.checkpoint.com / focus.de


More information and dissemination of the news

If you want to find out more about so-called "ghost push" malware, to which Gooligan belongs, I can recommend this G+ post from Adrian Ludwig. You can find information and data on the SnapPea malware family mentioned above here. Since the malware did not attract attention in this country until December 2016, I recommend that you distribute this article via Facebook, Google+, Twitter, e-mail, etc. in order to prevent further infections. Good luck and, despite everything, have a nice Advent season!
