Gooligan malware compromises 1 million Google accounts

Heather Parry

By Heather Parry

02 December 2016

This week, researchers at Check Point Software Technologies alerted the world to the existence of malware found in a least 86 Android third-party apps.

The malware, dubbed Gooligan, is a more aggressive variant of the Ghost Push malware, found in September 2015. It operates on Android 4 and 5 (Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop) and gains highly privileged systems access via a process known as rooting.

If the rooting is successful, attackers can control the device and then install software that steals authentication tokens. These tokens allow devices to access Google-related accounts without the user entering a password. This means that data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive is then accessible to the attacker.

The researchers say that this malware has compromised more than a million Google accounts, most of which seem to be located in Asia.

If you’re concerned that your account may be affected, visit to check and see. You can also read the original blog post, to see if you have downloaded any of the known malware-containing apps.

If you’re thus far unaffected, ensure that your security is maintained as you go forward. This sort of malware is found primarily in third-party apps from non-Google app stores, which are often cheaper than Google Play Store apps, or even free. However, free apps often compromise your security; after all, something has to pay for the app, and it might just be that you’re paying with your identity or data.

Avoid third-party app stores, and invest some time and research into how best to protect yourself, and your device, when you download new apps.

Your security is precious; don’t throw it away.

About Us

SurfEasy is a VPN tool that protects your online privacy and unblocks the internet. Use it on your Mac, PC, iPhone, iPad or Android.

Learn More