ThreatSTOP Blog

Gooligan- The recent Hooligan that is spreading

Written by ThreatSTOP Security Team | December 23, 2016

One criteria for the success of malware is its scope of distribution. Gooligan, a mobile malware, found in the app SnapPea that is described as a "one-stop shopping experience", has succeeded in this aspect. Check Point reported that this malware has breached more than 1 Million Google accounts. This malware has been distributed through apps that are available in third party Android stores. In order to increase the number of downloads for these apps, and in turn the malware, there have also been phishing campaigns which contained download links, sent through various messaging services.

In addition to its wide distribution, its pool of possible infected devices is wide due to the fact that it had been found to affect devices on Android 4 and 5 which includes a major portion of users.

Additionally, it can employ click-fraud which is another direct financial benefit for the operators and who can gain root access on the device which is achieved by use of known exploit kits.

ThreatSTOP customers are protected from Gooligan if they have the TSCrit targets enabled in their policy.