Meet Gooligan, malware that boost Google Play app rankings

If your device is still running on older version of Android, you should remain vigilant. Security researchers at Check Point has identified a malware namely Gooligan where it boost app rankings on the Google Play Store. Its estimated that over 1 million Google accounts have been compromised, with the malware infecting additional devices at a rate of roughly 13,000 daily.

Associated with the Ghost Push-family malware, Gooligan penetrates into your smartphone when an infected app is downloaded. Gooligan will then rely on Linux kernel exploits to root the device.

After that, it would proceed to download additional payloads in its attempt to compromise the user’s email accounts and steal authentication tokens.

googligan campaign

Next, codes will be injected into Google Play that allows it to install fraudulent apps in an attempt to boost said apps’ ranking. The malware will also install adware, generating additional revenue for the creators of said malware.

If your device is currently running on Android 6.0 Marshmallow and above, worry not because Gooligan as Google has since patched the vulnerability. However, not so for Android such as 5.0 Lollipop, your device is still very much vulnerable to this malware.

Wary of Gooligan? Check Point has come up with tool that would allow you to check if your account has been compromised. Its best that you perform a factory reset of said Android device to purge Gooligan if the result is positive

gooligan checker

Source: Hot Hardware

Show Comments