Gooligan Malware hacks 1 million Google accounts

The most recent research by Checkpoint has revealed another vindictive malware named Gooligan which has broken the security of a million Google accounts.

The malware works by injecting code into the devices and takes the tokens which are utilized to get to Gmail, Google Play, Google Photos and Documents, Google Drive and that is only the tip of the iceberg. Gooligan has tainted numerous Android phones mostly running android 4 and 5. Substantial numbers of casualties are from Asia where the malware has infected around 57% of the android devices and the number is expanding gradually. Other than Google accounts, it additionally contaminates various fake applications like Perfect Cleaner, Wi-Fi Enhancer, UC Mini, Memory Booster and so forth.

Gooligan also uses 3rd party applications, a spam email or SMS to get inside an android device. When a user installs any 3rd party app that is infected or associated with Gooligan, the malware gets access to the root directory of the device from where it uses the data of the device. Therefore, the hacker gets remote control of the device. In addition to stealing information from the Google account, the malware also installs apps from the Play Store and rates them itself in order to get paid by other parties.


Google administration was informed by Checkpoint about the malware and Google appreciated their efforts in recognizing this potentially harmful malware. Google and Checkpoint are now working side by side to examine the issue.

Director of Android Security at Google, Adrian Ludwig stated:

“We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall”

The security team at Google started to work on this threat immediately and has taken steps to provide even more security than before. Google is also expelling the unsubstantiated applications from Google Play, revoking influenced tokens in addition to upgrading account’s security.

Check your account’s status

In order to check the security status of your account, click here.

If your account has been hacked or infiltrated then follow these steps:

1. Re-flash your phone with your currently installed operating system. You can do this by yourself if you have enough knowledge about it or you can take it to a certified technician.
2. Reset your Google account’s password after flashing.
3. Install an antivirus program in your phone such as Check Point ZoneAlarm to check the presence of infected apps on your device.

Click to comment

Leave a Reply

Your email address will not be published.

To Top