A malicious Android malware formerly known as Ghost Push from 2014 as reappeared with a new name Gooligan, a malware that has been affecting Android devices for over two years now. It affects not less than 13,000 Android devices worldwide per day. The malware has been found on about 86 million apps, this apps were downloaded from unauthorized, third-party app stores.
According to the source the type of apps spreading this malicious malware are: Perfect Cleaner, Privacy Lock, Wifi Enhancer, Privacy Lock, StopWatch and the likes. This exploit are found to exploit older Android versions which includes: Jelly Bean 4.1 -4.3, 4.4 KitKat, Lollipop 5.0-5.1. Gooligan infects apps downloaded majorly from third-party apps and unkown sources. Once it infects a device it rapidly gains root access and takes full control of the device. Letting the infected device install malicious apps without the users consent. It Lives inside the infected app once its been downloaded by a user, it may not necessarily steal user data but it fraudulently makes your device install new apps or click on ads.
How to secure your Android Device from Gooligan Malware
Rooted phones are at a higher risks of getting infected by a malware, this is due to the user being elevated to an administrator, which allows malware to inflict a maximum amount of harm. Android users are strongly adviced not to root or alter with the OS on the phone or the bootloader.
– Android users are advised to stick with using Google Play Store for app downloads.
– Turn off “Allow installation of apps from unknown sources” under settings then security.
– Install a trustworthy Antivirus, I recommend AVG or Kaspersky
Gooligan is said to also captures infected devices Google account and reuse authorization tokens that let Android devices permanently log into Google accounts. You can check if your Google account as been compromised by Gooligan here.