Receive the latest mybusiness newssign up
Android users warned of new malware attack

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Android users warned of new malware attack

A hooded figure, its face covered in shadows, holding a tablet

Maintaining a high level of digital security is vital in this information society, and recent cyber attacks have highlighted vulnerabilities that could ruin a business.

In late November 2016 it was revealed that an Android malware, nicknamed Gooligan, had reached more than 1 million devices over an approximate four-month period.

Gooligan falls under the Ghost Push family of malware, whereby a user downloads an app, usually from an app store other than the Google Play store, or clicks on an infected link. This allows hackers to remotely hijack the user’s phone and download apps for the purpose of increasing illegitimate positive reviews or increasing an app’s number of downloads.


A phone infected with Gooligan can also give hackers access to the user’s email account and authorisation tokens, or access to various Google accounts, such as Google Photos, Google Play, Google Drive, Google Docs, Gmail and G Suite.

For SME owners, many of whom use their phones for both business and leisure, the loss of access to all that content, such as bank or credit card details, photos, videos and other personally valuable data, could ruin their business, as well as their digital identity.

The implications of app malware

A hooded figure, its face covered in shadows, holding a tabletGoogle has stated that the current Gooligan malware variants have not accessed any user information, but this does not mean a future variant of Gooligan or Ghost Push malware will not.

Google and Check Point Software, a cyber security software provider, are working together to reduce Gooligan's effectiveness.



“This theft of over a million Google account details is very alarming and represents the next stage of [cyber attacks],” said Michael Shaulov, Check Point’s head of products, mobile and cloud security.

“We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”

Adrian Ludwig, Google’s director of Android security, issued a statement to clarify the situation.

“As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” he said.

As a result, Mr Ludwig said Google is now able to “detect and prevent installation of over 150,000 variants of Ghost Push.”

How does Gooligan work?

Gooligan targets phones on older operating systems, specifically Android 4 (Jelly Bean, KitKat) and 5 (Lollipop). While Android is up to Android 7 (Nougat), Android 4 and 5 are used on over 74 per cent of Android devices worldwide.

Affected devices can remove the Gooligan malware by overwriting the phone’s operating system, referred to as “flashing”.

Flashing an operating system is a difficult process and should be done by an expert. If a flash is done incorrectly, it may result in a loss of data or make the phone inoperable.

Android users warned of new malware attack
mybusiness logo