Check Point, a network security firm, has just discovered that over 1 million Google accounts have been compromised by Gooligan. This is a new type of malware similar to SnapPea that infected Android devices last year. Gooligan mainly steals authentication tokens that can be used to access Google Play, Gmail, Google Photos, Google Docs, G Suite, and Google Drive.
Gooligan Breaches Over 1 Million Google Accounts
How Gooligan Malware Works
Gooligan can infect your Android smartphone or tablet can via third-party apps you download from app stores other than Google Play. The malware then collects data and even installs rootkits without your knowledge. Next, Gooligan roots your device and installs a new module. Once this is achieved, it will steal your email accounts and authentication tokens. Finally, the vicious malware injects codes into your Google Play and downloads malicious apps.
What is Google Doing About Gooligan?
Check Point have indeed reached out to Google and disclosed their findings. Google has acknowledged the issue and vowed to tackle Gooligan head on. They even released an official statement.
“We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues. We’ve taken numerous steps to protect our users and improve the security of Android.”
Which Android Devices Are Affected?
According to Check Point, “Gooligan potentially affects devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which is over 74% of in-market devices today. About 57% of these devices are located in Asia and about 9% are in Europe.”
How Do I Know If Gooligan Has Infected My Android Device?
Check Point have prepared a website that allows you to check whether your Google account has been breached by Gooligan.
Enter your Google account email address and click ‘Check’.
If the pop-up message states “YOUR ACCOUNT WAS NOT BREACHED”, your safe.
Otherwise, you need to flash your Android device.
Also, change your Google account password immediately.
List of Fake Android Apps Infected with Gooligan
Small Blue Point
Puzzle Bubble-Pet Paradise
Wifi Speed Pro
Sexy hot wallpaper
Talking Tom 3
How Can I Protect My Google Account?
There are several steps you can implement to increase your Google account’s security. Here are the most important.
Never install Android apps from third-party markets. You never know who actually uploaded these apps. Only download apps from the official Google Play Store. If a certain apps is not available in your region, you can always use VPN to change your Google Play Store country.
Periodically change your Google account password. Do not use an easy-to-guess password. Also make sure that the password you are using is not associated with any of your other online accounts. You can create a strong password in seconds by using a random password generator.
Always keep your Android device up-to-date. Checking whether there is an update for your Android phone or tablet can be easily done via the device’s settings.
Use a virtual private network to add an extra layer of privacy and security to your online activities. Hackers and cyber criminals will be blocked from eavesdropping on what you’re doing online.
Take Your Online Security and Privacy Seriously
Gooligan is the biggest Android security breach to date. Google and Check Point are continuing their cooperation in an attempt to halt the malicious malware. Use the guide above to check whether your Google account has been breaches. Also, make sure to implement the aforementioned tips and tricks to increase your online privacy and security. You can never be too safe online.
Streaming gadgets geek. Interested in every little thing there is to know about bypassing regional restrictions. An avid believer in the right to protect online privacy. Charles has also reviewed plenty of VPN service providers and knows how to separate the good apples from the bad ones.