Android 'Gooligan' Hijacks Accounts, Downloads Junk Apps

Checkpoint says it has found one million accounts compromised by Gooligan.

Malware meant to boost advertising revenue and app rankings at the Google Play store could potentially infect 74 percent of Android devices, according to security researchers.

Nicknamed “Gooligan,” the malware uses a phishing scam to steal authentication tokens for Google accounts, allowing it to download fake apps to the users’ Android phones and tablets without their knowledge, according to Checkpoint Security.

Gooligan’s primary motivation appears to be financial. Its creators most likely receive payment when the apps it downloads promote themselves by using the hijacked Google account to leave fake positive reviews and simulate tapping on advertisements.

There’s no evidence that Gooligan is accessing any user data from hijacked accounts, according to Google. The company wrote in a blog post that it’s aware of other similar malware—it calls the genre “Ghost Push”—and is working with Checkpoint to investigate and protect users.

Ghost Push affects the older Android Ice Cream, Jelly Bean, KitKat, and Lollipop mobile operating systems, but they’re found on 74 percent of Android devices.

Checkpoint says it has found one million accounts compromised by Gooligan; 57 percent are in Asia, 19 percent in the Americas, 15 percent in Africa, and 9 percent in Europe. Its team created a tool to check whether your account has been compromised, as well as a list of apps known to be affected by Gooligan.

The apps appear to be mostly junk utilities and games, with names like WiFi Enhancer, Very best Cleaner, and Puzzle Bubble-Puppy Paradise.

Gooligan is one of many strains of Ghost Push malware to surface. The Android security team has been tracking the Ghost Push family since 2017, and last year found more than 40,000 apps associated with it. In addition to Gooligan, there are potentially more than 150,000 similar malware strains, Google said. Each time it finds one, it revokes the stolen authentication tokens and notifies users that their accounts were breached.