Over 1 million Google accounts hit by Gooligan malware

Phone Hack

Security firm Check Point claim to have discovered a massive malware campaign called Gooligan which they say has hit more than 1 million Google accounts. The growing problem is considered the biggest such breach ever and worryingly infects over 13000 Android devices every day.

Gooligan is apparently a new variant of an Android malware campaign found in the SnapPea app in 2015. It worms its way into a person’s handset when they download an application via a third-party app store or phishing scams which embed a malicious link to an infected app within a message.

Once installed, Gooligan downloads a rootkit which exploits vulnerabilities to allow the hacker full access and the power to carry out privileged commands remotely. The malware then proceeds to download a module which injects code into activating Google Play or Google Mobile Services (GMS) in such a way that it can mimic user behavior without attracting any attention.

Also Read: Chinese company put secret backdoor in thousands of Android phones in US

At this point, Gooligan can successfully steal a victim’s Gmail account and authentication token, install applications from Google Play and rate them to increase their standing, and set up adware to spawn revenue. The lucrative scheme can mine data from tools like Google Photos, Gmail, Docs, G Suite, and Drive.

Gooligan could affect devices which run on Android 4 and 5. Together, the OS versions account for around 74% of gadgets in the market today. Google is currently working with Check Point to get a handle on the issue. The search giant is in the midst of notifying infected accounts, revoking affected tokens, and rolling out SafetyNet improvements to increase security.

You can check whether your account has been breached here. You can also check out the list of malicious apps here. If you’ve been hit, Check Point advises you to download an antivirus product. It also recommends flashing your device clean and changing your Google passwords immediately.