Security firm Check Point warns for a new mobile malware variant that it has called Gooligan. The malware infects devices through legitimate looking apps that are offered outside the Play Store and through phising campaigns. At its peak the malware infected more than 13,000 Android devices a day.
Gooligan especially targets Android 4 and 5 devices, mostly in Asia (59%) but also European (9%) and American(19%) users aren't safe.
The malware roots the device after which it steals email addresses and authentication tokens and sends them to a command and control server. The stolen data allows the developers of the malware to get access to data stored in apps from Google such as Gmail, Photos and Drive.
Check Point claims the malware has already infected more than 1 million devices.
Gooligan also downloads and install adware and the stolen accounts are used to give positive reviews to apps to raise their reputation.
A special tool allows users to check whether they are the victim of the Gooligan malware. When infected, the best way to get rid of the malware is to do a clean installation of the device and to change the Google password(s).
