Gooligan’s main attack vector is Android-based smartphones: it targets users who have downloaded infected apps. Once Gooligan finds its way onto an Android smartphone or tablet, it proceeds to root the device and then downloads additional payloads to compromise email accounts and steal authentication tokens.
But that’s not all. The malware is capable of injecting code into Google Play so that it can install shady apps and automatically give them high ratings to boost their review scores. And to add insult to injury, Gooligan installs adware that is then used to generate additional revenue for the malware authors.
According to Check Point, over 1 million Google accounts have been compromised by Gooligan, and the malware is still infecting additional devices at a rate of roughly 13,000 per day. So far, the bulk of the infections are in Asia (57 percent), while the Americas take second place with 19 percent. Africa and Europe come in at 15 percent and 9 percent respectively. Gooligan primarily targets devices running Android 4.x (Jelly Bean, KitKat) and Android 5.x (Lollipop). These operating systems currently represent 74 percent of all Android devices on the market.
Naturally, Check Point reached out to Google once it determined the scope of Gooligan’s wrath. “We appreciate Check Point’s partnership as we’ve worked together to understand and take action on these issues,” said Adrian Ludwig, Google director of Android security. “As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
Check Point has provided an online tool to see if your Google account has been compromised by Gooligan. If your account has been flagged, it’s strongly recommended that you perform a factory reset of your Android device.