1 Million+ Google Accounts Compromised by Gooligan Malware

Credit: Bakhtiarzein | Dreamstime.com –

News is spreading across the internet that more than 1 million Google accounts have been compromised by a malware known as “Gooligan”. The Gooligan malware, which is a type of Trojan Horse, infects Android devices through infected apps that a user installs on their device. Once infected the malware than steals the users authentication key and has full access to the users Google account, including photos, email and docs. According to Google, the Gooilgan malware is a variant of malware that has been around since 2014, called “Ghost Push”.  Another variant of Ghost Push was found in SnapPea, an Android backup and sync application, last year by security researchers at Checkpoint. They are estimating that 13,000 new accounts are being compromised daily.

According to Google the malware does not seem to be stealing information so much as installing unwanted applications. In a blog post Google’s Adrian Ludwig states the following “…The motivation behind Ghost Push is to promote apps, not steal information” he goes on to say that there doesn’t appear to be any specific users targeted. He closes out with some reassuring words that Google is on top of this one stating that they have “..taken many actions to protect our users and improve the security of the Android ecosystem”, such actions include removing the installed applications from user devices and the Play store, revoking authentication tokens, and informing users.

If you are worried that you may be affected Checkpoint  is providing a free tool to check if your account is affected. They are also listing known affected applications on their blog. If you find out that you have been affected you should wipe your device, and change your passwords for any Google accounts currently or previously associated with your device immediately. . We also recommend changing any other account passwords used on any device that has been affected, this may be a bit of paranoia, but It is always a good idea after a security breach.

To mitigate such infections we recommend that you only install apps from authorized sources, and then only the applications you need. Running an anti malware app such as Lookout can help. These measures will only mitigate risk, nor eliminate it. Any time you install an application there is some risk, so choose wisely.

(Sources: Cnet, Checkpoint, The Hacker News, Google)