How to Tell if Android is Infected with Gooligan (And What to Do)

About 1 million Android devices have been infected with a particularly nasty malware known as Gooligan. The malware has been spreading at an incredible rate since the summer, according to cybersecurity company Check Point. Over 13,000 new infections are happening every day.


How Do You “Catch” Gooligan?


Gooligan is not a new threat. It’s the latest variant of malware identified in 2014 called “Ghost Push.” However, Gooligan is the most complex and widespread version to date.

The malware infects older versions of Android: 4 (Jelly Bean, KitKat) and 5 (Lollipop). It installs after a user unwittingly downloads an app from a third-party app store (Check Point has a list of the malicious apps at the bottom of this page).

According to GameNGuide, it’s unclear whether the malware affects the later Android versions, Marshmallow (Android version 6) and Nougat (version 7).


Why is it Dangerous?


Once the malware is installed, it can access a user’s Google account and apps including Google Photos, G Suite, Google Drive, and more. This allows a hacker access to data stored with these services, as well as the compromised user’s Google account.

Unfortunately, two-factor authentication does not protect against this threat. Gooligan allows hackers to steal a Google authentication token. These tokens are used to log into all of the Google apps and services using a single account.

According to Check Point, once a hacker has an authentication token, two-factor authentication can be bypassed.


How to Tell if You are Infected?


One way to tell is to look for suspicious apps that you may not be aware you installed. You can view all installed apps on an Android device by tapping “Settings” and then “Apps.”

Check Point also has a handy tool that lets you check if your Google account has been compromised (which more than likely means you’ve been hit with Gooligan). You can find the tool here.
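The installed-apps check can also be run from a computer over adb. The script below is an added example, not code from Check Point or the original article: it flags apps whose package id appears on a blocklist you supply and apps that were not installed by Google Play (`com.android.vending`). The package ids, the `com.example.altstore` installer and the blocklist contents are constructed placeholders, and live use assumes adb with USB debugging enabled.

```shell
#!/bin/sh
# Added example: triage the output of `pm list packages -3 -i`.
# Live capture (assumes adb and USB debugging are set up):
#   adb shell getprop ro.build.version.release
#   adb shell pm list packages -3 -i | tr -d '\r'

# Succeeds when the release is one the article lists as affected (4.x, 5.x).
# Per the article, 6 and 7 are unclear, so a failure here is not an all-clear.
is_listed_release() {
    case "$1" in
        4|4.*|5|5.*) return 0 ;;
        *) return 1 ;;
    esac
}

# stdin: package listing; $1: blocklist file, one package id per line.
# Prints "BLOCKLISTED <pkg>" or "SIDELOADED <pkg> <installer>" for review.
flag_packages() {
    awk -v bl="$1" '
        BEGIN {
            while ((getline line < bl) > 0)
                if (line != "" && line !~ /^#/) bad[line] = 1
        }
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "null"   # pm typically reports installer=null for sideloaded apps
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (pkg in bad) print "BLOCKLISTED", pkg
            else if (inst != "com.android.vending") print "SIDELOADED", pkg, inst
        }'
}

# Constructed sample data: placeholder ids, not real indicators.
sample_listing() {
    cat <<'EOF'
package:com.example.notes  installer=com.android.vending
package:com.example.placeholder.cleaner  installer=null
package:com.example.thirdparty.game  installer=com.example.altstore
EOF
}

demo() {
    bl=$(mktemp)
    printf '%s\n' '# placeholder blocklist' 'com.example.placeholder.cleaner' > "$bl"
    sample_listing | flag_packages "$bl"
    rm -f "$bl"
}
demo
```

A `SIDELOADED` line is a prompt to review that app, not proof of infection.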


Getting Rid of It


Check Point recommends the following steps:

  • A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device is “re-flashed.”
  • Change your Google account passwords immediately after this process.


Preventative Care


To avoid getting this and other malware, keep your phone’s software up-to-date. Also, refrain from downloading apps from third-party app stores such as AppBrain, GetJar, and others. The apps on them simply aren’t as well vetted as ones on the App Store and Google Play.