Gooligan/Googlian Android Malware steals Google credentials

Researchers at Check Point have found a family of malware that, when installed on a vulnerable device running Android version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) or version 5 (Lollipop), gives hackers full control of the device. It then steals Google credentials, giving the hackers access to all Google apps. The malware can be downloaded through a link in a phishing message or text, or installed through software downloaded from a third-party site. According to the researchers, more than one million accounts may have been compromised. About 57 percent of devices infected by Gooligan are located in Asia, about 19 percent are in the Americas, about 15 percent are in Africa, and about 9 percent are in Europe.

Google has been actively shutting down compromised accounts as they are found, and has made instructions for “Verify Apps” available (https://support.google.com/accounts/answer/2812853?hl=en) so that people can check the apps they have and prevent installation of malicious software in the future. A list of known infected apps is also available at the Check Point URL listed in the notes below.

Notes:

http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

http://arstechnica.com/security/2016/11/1-million-android-accounts-compromised-by-android-malware-called-gooligan/