Gooligan Malware Infects Millions of Android Devices

A new malicious threat known as Gooligan has been to attack over a million of Android devices and infects thousands of new hosts daily.

The Gooligan Malware is A Serious Danger To All Android Users

A new Android malware known as Gooligan has been identified by security experts from Check Point Security. According to their analysis the recent malware campaign that served the virus has breached the security of over one million Google users. The rising rate of infections shows that 13 000 new breaches are carried out every day.

The malware has the capability to “root” the infected devices, steal various authentication tokens which are used for accessing various services such as Google Play, Gmail, Google Photos, Google Docs, Google Suite, Google Drive and others.

The Gooligan malware affects Android devices that run version 4 (Jelly Bean and Kitkat) and 5 (Lollipop) which is the majority of the market share of the operating system. About 57% of the compromised installations are in Asia and only about 9% are in Europe.

The infections were made through numerous counterfeit applications which were distributed in third-party repositories and various download sites.

The first samples of Gooligan were identified in code snippets that were featured in a malicious app called SnapPea. The code was updated by malware developers and new features were added. The new Gooligan threat has a complex architecture that uses code injection attacks into the system processes of the Android operating system. Other than third-party repositories the Gooligan malware can also be downloaded by clicking on malicious links found in spam emails sent by the hackers.

Upon infection the malware gathers data about the compromised devices and sends it back to the remote malicious C&C servers. The Gooligan virus then proceeds to download a rootkit which uses various exploits to root the device. When this achieved the hackers achieve full control of the device making privileged remote code execution possible.

However Gooligan doesn’t stop there. The malware can downloade new modules from the servers and installs them on the compromised machines. They are placed on the Android devices using code injections in the Google Play or Google Mobile Services processes. They allow the virus the following capabilities:

  • Steal the user’s associated Google account and authentication token data
  • Install various applications from the Google Play repository and rate them to raise their reputation
  • Install additional adware and malware for additional income gain

Similar to other attacks this malware also uses fake device identification information such as the IMSI and IMEI numbers to download twice various applications. This is a widely used strategy to double the potential income gain that is agreed between the malicious ad marketers and the criminals.

The security experts have immediately notified Google about the threat and the company is working on security updates that will amend the issue.

List Of Gooligan Infected Apps

Here is the full list of Android apps that are infected with the Gooligan malware:

Perfect Cleaner
Demo
WiFi Enhancer
Snake
gla.pev.zvh
Html5 Games
Demm
memory booster
แข่งรถสุดโหด
StopWatch
Clear
ballSmove_004
Flashlight Free
memory booste
Touch Beauty
Demoad
Small Blue Point
Battery Monitor
清理大师
UC Mini
Shadow Crush
Sex Photo
小白点
tub.ajy.ics
Hip Good
Memory Booster
phone booster
SettingService
Wifi Master
Fruit Slots
System Booster
Dircet Browser
FUNNY DROPS
Puzzle Bubble-Pet Paradise
GPS
Light Browser
Clean Master
YouTube Downloader
KXService
Best Wallpapers
Smart Touch
Light Advanced
SmartFolder
youtubeplayer
Beautiful Alarm
PronClub
Detecting instrument
Calculator
GPS Speed
Fast Cleaner
Blue Point
CakeSweety
Pedometer
Compass Lite
Fingerprint unlock
PornClub
com.browser.provider
Assistive Touch
Sex Cademy
OneKeyLock
Wifi Speed Pro
Minibooster
com.so.itouch
com.fabullacop.loudcallernameringtone
Kiss Browser
Weather
Chrono Marker
Slots Mania
Multifunction Flashlight
So Hot
Google
HotH5Games
Swamm Browser
Billiards
TcashDemo
Sexy hot wallpaper
Wifi Accelerate
Simple Calculator
Daily Racing
Talking Tom 3
com.example.ddeo
Test
Hot Photo
QPlay
Virtual
Music Cloud

How disturbing is this problem?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *