Android Security Tech News

Gooligan Malware Infects 1 Million Android Devices

Dave Parrack 30-11-2016

A new type of malware is doing the rounds, and it has already infected 1 million Android devices. Dubbed Gooligan, this malware roots Android, giving the hackers full control of people’s devices. Anyone with an Android running Jelly Bean, KitKat, or Lollipop is currently at risk.


As discovered by security firm Check Point Software Technologies, Gooligan first emerged in August. Since then it has wormed its way onto 1 million Android devices, currently infecting around 13,000 devices every day.

Gooligan is present in at least 86 Android apps available from third-party marketplaces. It can also find its way onto your phone or tablet if you blindly click on a seemingly innocent malicious link. Once installed, Gooligan will wreak havoc by rooting your device The Complete Guide to Rooting Your Android Phone or Tablet So, you want to root your Android device? Here's everything you need to know. Read More .

Once your device has been rooted, Gooligan will download and install software capable of compromising the authentication tokens your device uses to access Google services. Those at risk include Gmail, Google Drive, Google Photos, Google Docs, and more.

Gooligan Boosts Google Play Ratings

The authors of Gooligan could conceivably use it in a number of different ways, including accessing your private data. However, it appears they’re actually using Gooligan to game Google Play, downloading apps and leaving 5-star reviews in order to boost the ratings of those apps. The reason? Money, of course, as this process generates serious revenue.

Google is already on the case, with Android security engineer Adrian Ludwig explaining:


“We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall. These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.”

If you own an Android device running on anything older than Android 6.0 (Marshmallow) Android 6.0 Marshmallow: What It Is and When You'll Get It Android Marshmallow is here -- but why should you care? Read More you should do two things: 1. Use this Check Point tool to see whether your Google account has been compromised, and 2. View the list of fake apps infected by Gooligan so you know what to avoid.

And, as always, you should use common sense when installing apps or clicking on blind links.

Have you been affected by Gooligan? Is this the first Android malware you have encountered? Does Google need to do more to protect Android users? Is Android’s level of fragmentation harming security? Please let us know in the comments below!

Image Credit: Jean-Etienne Minh-Duy Poirrier via Flickr

Related topics: Android, Android Rooting, Google, Malware.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Jeff
    December 13, 2016 at 6:14 pm

    With all due respect, I just landed on your page by Googling and don't know anything about it or you. How can I be safe knowing that clicking on your links to check if I am infected will not, in itself, infect my phone or PC? Many websites portray to help people when in fact they distribute viruses which is exactly the opposite of what the users want. How can one protect effectively against that?

    • Cat
      December 22, 2016 at 9:02 am

      It's -_-

      • Jeff
        January 6, 2017 at 8:58 am

        It is not, of course, the one I meant :-)

  2. Alina Jones
    December 3, 2016 at 10:10 am

    thanks Dave Parrack for this useful post. how can store my old data in such a situation!


  3. Aayesha Modi
    December 2, 2016 at 10:32 am

    Thanks Dave Parrack for sharing this post!
    It is always refreshing to read here, and how can I safe my mobile from this malware infaction?
    Look forward to more updates from your end.


  4. Hildy J
    December 1, 2016 at 5:44 pm

    It's infecting 13,000 obsolete phones owned by gullible people each day. Meanwhile, about 1,500,000 Android phones which are immune to the attack are sold each day. Next we'll learn that giving your bank account information to someone who promises to transfer millions into it is a bad idea.

    • Don Key
      December 1, 2016 at 11:51 pm

      If a phone works, it ain't obsolete! Take you consumer consumption arrogance elsewhere.

      1,500,000 Android phones MAY be immune to the attack... for now. Until the scumbags making and pushing this stuff find a workaround.

      Never thought I would say that Apple is starting to look attractive, from a security point of view. But it truly is... and quite frankly I hate the Apple way of doing stuff. OK, totally despise it is probably more accurate.

      • Jim Van Damme
        December 5, 2016 at 7:06 pm

        I wish I could use the same Linux on my phone as I do on my PC. Android is the worst version of Linux.

      • Johnny R
        December 12, 2016 at 8:21 pm

        I kind of agree with the notion that people who get viruses... deserve them. I've been coding and working with computers since 1985. I've owned a hundred phones/tables/computers/servers. And never ONE single virus or bit of malware. Why? Because apparently I'm far less ignorant than the masses.

        So the moral is as long as there are ignorant people out there, these things will continue to be a threat. The only defense is a rise in the average person's IQ, and since the trend is the opposite direction, it's just another annoying fact of life now.