What the Gooligan Hack Means to You

Author: Craig Pollack Date: Dec 01, 2016 Topics: Cybersecurity

What the Gooligan Hack Means to You

A new Android malware, called "Gooligan", is responsible for what’s believed to be the biggest theft of Google accounts on record. The strain has infected as many as 1.3 million Android phones since August. This latest hack has compromised devices stealing the tokens users are given to verify they are authorized to access accounts. 

But it looks like it's main goal is not to pilfer all the juicy Google data, rather it's looking to force users into downloading apps as part of a huge advertising fraud scheme, making as much as $320,000 a month.

According to researchers at Check Point, it's spreading at an alarming rate - racking up an average of 13,000 new infections every day. Once downloaded, Gooligan determines which Android phone it’s infected and launches the appropriate exploits to take complete control of it. To do that, the attackers have used long-known vulnerabilities on devices running Android 4 through 5, including Jelly Bean, KitKat and Lollipop. Together, those operating systems account for 74 per cent of Android devices in use today, totalling around 1.03 billion. 

Once Gooligan has control of the phone, the victim’s Google account token is siphoned off to a remote server and could be used to gain access to their Gmail, Docs, Drive, Photos and other data, even where two-factor authentication is turned on. Check Point’s researchers were able to trace that server, uncovering a stash of 1.3 million real Google accounts.

To avoid infecting your device, you should only download apps from the official Google Play store. You can go to this site that Check Point has built to see if your Google account was breached. If your phone is infected, things get a little more difficult. Check Point recommends wiping out your phone and re-installing a clean operating system. This is complicated, so it's best to turn off your device and get professional help. And then once your phone has been fixed by a pro, make sure you change all of your Google passwords.

On a related note, if you'd like to see how your company's security precautions stack up, please download our free Cyber Security Report Card and evaluate how you're doing.

New Call-to-action


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.