Check Point: Asia hardest hit in 'Gooligan' Android malware attacks

Posted December 02, 2016

Check Point first discovered Gooligan past year in the malicious SnapPea app. Gooligan was part of a mobile malware campaign targeted at Android devices and was attributed to malware families Ghost Push, MonkeyTest and Xinyinhe.

The director of Android security, Adrian Ludwig informed that the company is working with Check Point in order to protect the users and investigate the issue in-depth.

Android device users who suspect their account might have been hacked will need to go through a process called "flashing", which can be done by mobile service providers or a certified technician, Check Point Software Technologies said, adding that Google account passwords should be changed immediately after "flashing".

The malware roots Android devices, stealing the email addresses and authentication tokens stored on them. "We've taken many actions to protect our users and improve the security of the Android ecosystem overall", he wrote.

Check Point created a website,, where concerned Android users can check if their device has been compromised.

Check Point revealed that of the device's affected, 40 percent are located in Asia and around 12 percent in Europe. Gooligan is an aggressive variant of Ghost Push, a piece of Android malware that came to light in September 2015.

Check Point's report also states,"The group also noted that it "found traces of the Gooligan malware code in dozens of legitimate-looking apps on third-party Android app stores".

Check Point says that devices running Android 4.0 and Android 5.0 are at risk - that's almost 75% of Android users.

Malware meant to boost advertising revenue and app ratings on the Google Play store could potentially infect 74 percent of Android devices, according to security researchers.

Gooligan, part of the Ghost Push malware family, targets devices running Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which together represent nearly 74 percent of Android devices now in use.

The malware uses your Google account to download and boost ratings of Google Play apps. It's easy, just enter your email ID that's linked with your Android device and it'll instantly give you a feedback.

To know if your account has been compromised, try Check Point's free online tool. These apps exploit known flaws in the Android operating system to remotely control the device and install other apps without the user's knowledge or consent.