Security researchers have revealed that a previously unidentified malware campaign targeting Android phones has claimed more than 1 million victims since August.

According to security firm Check Point, which publishes the excellent ZoneAlarm antivirus software, the Gooligan malware continues to infect more than 13,000 devices every day.

Check Point has since joined forces with Google’s own security team to get to the bottom of this worrying malware campaign.

 

What does the Gooligan malware do?

The Gooligan virus, which is part of the massive ‘Ghost Push’ family of malware, automatically roots any device it infects.

Rooting the device gives the hackers deep access to the phone’s source code, which means they can make changes, and/or download software, in a way that normally wouldn’t be allowed.

Practically, the malware does a few different things:

  1. It takes your Gmail account and authentication tokens, which allows the hackers to access data from a range of Google apps, like Gmail, Google Docs, and so on.
  2. It automatically installs apps from the Google Play Store and rates them in order to make them more visible by raising their reputation.
  3. The malware also installs adware on the user’s phone, likely in order to fund the malware campaign.

 

Which phones are vulnerable to Gooligan?

Anyone using Android 4 or 5 – that’s Jelly Bean, KitKat or Lollipop – is at risk. That’s around three-quarters of all Android devices in use, with most of those users being based in Asia.

You can protect your phone by updating to the newest Android software available for your device.

 

How did the Gooligan malware spread?

Check Point’s security team believe the malware is spread in two main ways.

Devices are infected when a user downloads an app from a third-party app store. These are quite popular, despite the lack of safety compared to the Play Store, because they often offer paid apps free of charge.

Another way the malware gets onto victims’ phones is through phishing links sent via messaging apps. Again, these lead to downloads of rogue apps, dozens of which have been identified on the Check Point website.

 

How to tell if you’re a Gooligan victim

The quickest way to tell whether your phone is affected by the Gooligan malware is to click on the link below to visit the special website set up by Check Point:

Gooligan Checker

 

What to do if your device is infected by Gooligan

If your device has been affected, there’s no need to panic. To get rid of the malware, your device will need a completely new, fresh installation of the Android software. It’s best not to do this yourself unless you feel confident about re-flashing your software. A phone repair service or mobile phone store should be able to perform this for you.

 

It always pays to be vigilant when it comes to protecting all of your devices. Check out our upcoming Android security app roundup later this month. In the meantime, check out our head-to-head between McAfee and ZoneAlarm for Android security top dog!

Paul Weaver
Paul came to us straight from sunny California. He’s an MBA graduate from Stanford University, specializing in computer and network security. Nowadays he spends his working hours designing and developing secure, safety-critical systems. He’s most enthused when sharing tips on antiviruses.