Short Bytes: A new Android malware, named Gooligan, is here to compromise your Google accounts. It steals the account authorization keys and installs malicious adware on devices. With 1 million infected devices, Gooligan continues to infect 13,000 new devices each day. Check Point has released an online tool to check if your Google account has been compromised by this dangerous malware.

Reputed security firm Check Point has found a new malware in the wild that's being used to hack the accounts of Google users. The attack has been named Gooligan, and it has already breached the security of more than 1 million Google accounts.

The researchers have published a blog post detailing how Gooligan malware roots the infected devices and steals authorization tokens. As a result, the attacker can access a user’s various Google accounts like Gmail, Play, Photos, Docs, Drive, etc.

How does Gooligan compromise Google accounts?

Gooligan spreads chiefly through infected Android applications. Once it lands on an Android device, the malware sends data about the device to its Command and Control (C&C) server. It then downloads a rootkit from the C&C server. The payload roots the device, and the attacker gets unrestricted remote code execution access to the device.

After rooting, Gooligan downloads a new module that injects code into Google Play or Google Mobile Services to mimic user behavior. Ultimately, this module steals Google account authentication and token information. Gooligan also installs apps from the Play Store and rates them to improve their ranking. Another notorious activity performed by Gooligan is the installation of adware to generate revenue.


This way, the malware continues to infect 13,000 new devices each day.

The potentially affected Android versions are Android Jelly Bean, KitKat, and Lollipop, a group that accounts for about 75% of devices in the market. Out of these, 57% of devices are located in Asia and 9% are in Europe.

How to check if Gooligan has compromised your Google account?

Check Point has released an online tool that lets you check if your Android smartphone has been infected. Simply visit and enter your email account to perform the security test.

If your device has been breached, you should perform a clean installation of your mobile OS, or 're-flash' it. Also, it goes without saying that one should change the Google account passwords immediately.

Check Point has informed the Google Security team about this malware campaign, and they're working to investigate the issue.


Adarsh Verma
Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security.