An authentic bomb was discovered yesterday, a new malware attack, called Gooligan, managed to attack about 1 million Google accounts (and to rise more and more.About 13 thousand accounts a day.)

What does the virus do?

The security company at Check Point was responsible for identifying this variant of Android malware that rootes to Android devices and steals email addresses and authentication credentials. After getting the email and password, attackers can access data saved in Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite.

The main target is devices with older versions of Android: Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which represent close to 74% of all Android devices in use. Once the attackers are able to gain control over the device, they are able to earn money by installing apps from Google Play, without the victim being aware.

How does Gooligan spread?

The good old method of propagation via installing untrusted applications. When installing an application infected with Gooligan on a vulnerable Android device, or clicking on a malicious link in an email message Phishing (which mostly arrives by email).

The numbers of this malware

So far we know that Gooligan installs at least 30 a thousand apps on compromised devices, which means more than two million apps since the start of this campaign.

What is being done to stop Gooligan from advancing?

Google contacted all affected users and revoked their access credentials, also removing apps associated with the Ghost Push family from its official Google Play store and adding new protections to its Verify Apps technology.

Make sure you are infected with Gooligan

The security company Check Point provided a free tool for verification. BClick here and enter your email.

What if the account was infected?

You will need to reinstall your operating system. A total clean.