1 Million Google Accounts Breached by Gooligan Malware

Gooligan has compromised and stolen login tokens from over one million Android devices. The malware was first seen in 2014, and initially it didn’t include the ability to steal Google login tokens.

Since it first appeared, the malware has been detected by different security firms under different names such as Ghost Push, MonkeyTest, and Xinyinhe. In Google reports, you’ll find it referenced as Ghost Push. This malware uses malicious apps hosted on third-party app stores to infect users. Once Gooligan has a foothold on an infected device, it contacts an online command and control (C&C) server and downloads a rootkit package that gains boot persistence and also includes four or five Android exploits that root the device.
Anyone running an older version of the Android operating system, including Android 4.x (Jelly Bean, KitKat) and 5.x (Lollipop), is most at risk; these versions represent nearly 74% of Android devices in use today. After getting root privileges, Gooligan installs apps from the Google App Store as part of affiliate pay-per-install schemes, gives fraudulent ratings to apps on the Google App Store, and installs adware that clicks on ads for the malware author’s profit.
This is what Gooligan does:

1. Steal a user’s Google email account and authentication token information
2. Install apps from Google Play and rate them to raise their reputation
3. Install adware to generate revenue

Appendix A: List of fake apps infected by Gooligan

Perfect Cleaner
Demo
WiFi Enhancer
Snake
gla.pev.zvh
Html5 Games
Demm
memory booster
แข่งรถสุดโหด
StopWatch
Clear
ballSmove_004
Flashlight Free
memory booste
Touch Beauty
Demoad
Small Blue Point
Battery Monitor
清理大师
UC Mini
Shadow Crush
Sex Photo
小白点
tub.ajy.ics
Hip Good
Memory Booster
phone booster
SettingService
Wifi Master
Fruit Slots
System Booster
Dircet Browser
FUNNY DROPS
Puzzle Bubble-Pet Paradise
GPS
Light Browser
Clean Master
YouTube Downloader
KXService
Best Wallpapers
Smart Touch
Light Advanced
SmartFolder
youtubeplayer
Beautiful Alarm
PronClub
Detecting instrument
Calculator
GPS Speed
Fast Cleaner
Blue Point
CakeSweety
Pedometer
Compass Lite
Fingerprint unlock
PornClub
com.browser.provider
Assistive Touch
Sex Cademy
OneKeyLock
Wifi Speed Pro
Minibooster
com.so.itouch
com.fabullacop.loudcallernameringtone
Kiss Browser
Weather
Chrono Marker
Slots Mania
Multifunction Flashlight
So Hot
Google
HotH5Games
Swamm Browser
Billiards
TcashDemo
Sexy hot wallpaper
Wifi Accelerate
Simple Calculator
Daily Racing
Talking Tom 3
com.example.ddeo
Test
Hot Photo
QPlay
Virtual
Music Cloud

Right now the only way to get rid of this malware is to re-flash your device.
