Gooligan is a new strain of Android malware that’s spreading really fast. As per available reports, this malware has already compromised over one million Google accounts and at present it spreads to at least 13,000 users per day.
How Gooligan spreads…
There are two ways in which the Gooligan malware spreads from device to device:
installed via third-party app stores
through phishing campaigns, i.e., when someone taps malicious links sent through phishing emails or messages.
How Gooligan malware works:
Once Gooligan malware is on the Android device, it collects data about the device and downloads rootkits, roots the device and downloads a new module, steals email accounts and authentication tokens, injects code into Google Play and downloads fraudulent apps. With the stolen authentication tokens, the hacker can bypass almost all Google security mechanisms, even two-factor authentication. This provides direct, password-free access to the user’s Google Photos, Google Play account, files in Google Docs and Google Drive, and G Suite.
Gooligan malware is monetized in two ways: first, by logging into Google Play and posting fake app reviews, and second, by installing further adware to generate direct revenue. Another kind of monetization happens when the Gooligan malware spoofs device IMEI serial numbers. This gives the impression that apps are being downloaded more than once. The result is that, for apps that pay for installs, this spoofing inflates the app install count.
Most vulnerable are devices running Android 4 Jelly Bean or KitKat and Android 5 Lollipop.
Where all it’s found…
Gooligan malware has done the most mischief in Asia: Check Point reported that 57 percent of those hacked are in Asia. America comes next with 19 percent, and Europe is third with 9 percent.
Other than having a reliable Android antivirus, it’s most important to stay cautious of phishing emails or links and suspicious websites. When using third-party apps, all security measures should be adopted.
In case of infection, a clean install of the OS by ‘flashing’ would be the best option. Getting a technician to sort things out would also be good.