What is Gooligan and How to Identify if Your Smartphone Is Infected

A recently reported malware continues to breach 13k new Android devices each day; the malware known as Gooligan that specializes in hacking smartphones running old Android versions. Gooligan spreads itself by sending text messages with a link to infected apps hosted on 3rd party app stores that can look like a message from someone you know encouraging you to try a “new and amazing” app.

What Happens When Gooligan Owns Your Device?

After a user’s device is infected by Gooligan, malware begins to install other malicious software without asking the user’s permission. In most cases Gooligan silently installs its apps to show its ads, but this ability grants permission to install any app on a victim’s smartphone, including more adware or even ransomware. Worse yet, exploiting known Android vulnerabilities give hackers access to any security data and authentication tokens located on the device. This, in turn, gives attackers access to victim’s Google account. Basically, this means that anything, including your emails, business contacts, notes with passwords, or other sensitive data you store in the cloud, can be stolen within a few minutes after the attack.

Furthermore, statistics suggest that only slightly over 20% of Android users have the latest Android version and recent updates. This situation is even worse with security apps—a very few people per thousand Android users actually use any antivirus apps at all.

How to Check if Gooligan Has Infected Your Google Account

To identify Gooligan on your device, you need to check your smartphone for any suspicious apps installed without your permission, by following these easy steps:

Step 1: Check your list of apps. Take a closer look at any app you do not remember being there a month ago, or those you are not sure were installed by you.

Step 2: Check the list of apps running on background. To do that on Android 5.x, go to Settings > Apps > Running.
If your device runs on Marshmallow, you will need to enable Developer Mode. Go to Settings > About Device and tap Build number 7 to 10 times. After this, return to settings and you will see the Developer Options section.

Step 3: To ensure your device is 100% clean, try using this online tool that allows to check if your email (i.e. Google account) is affected by Gooligan.

How to Delete Gooligan From Your Smartphone

If you’ve noticed any signs of being hacked with Gooligan, following steps will help you clean your Android device from Gooligan and other malicious apps:

Step 1: Go to your smartphone’s Settings and update the operating system. This will close all known vulnerabilities and security holes used by Gooligan.

Step 2: Go to your Google Account settings panel and change the password. This will eliminate any access hackers may still have to your account.

Step 3: Be sure to change security questions and answers in your Google Account and update this information in your accounts on other services.

How to Protect Your Google Account From Gooligan and Other Malware

In 2016 we saw an increasing trend of malware and ransomware attacks directed both toward PCs and mobile devices, and this trend is here to stay. The more information people store in the Google, Apple or Microsoft cloud, the more opportunity there will be to steal data.

To protect your data from Gooligan and other malware apps, follow the basic cybersecurity rules:

• Do not install apps from any 3rd party marketplaces
• Keep your passwords strong, and reset them every 4-6 months
• Avoid storing your sensitive or business data in the cloud or on any 3rd party servers
• Update your operating system and install all security updates once they are released

If you rely on Outlook to manage your business contacts, calendar events and other important data, you can use Akruto for secure syncing with your mobile device