Skip to content Skip to footer

One Million Compromised Google Accounts Due to Malware Called Gooligan

It’s been uncovered that an Android-based malware called Gooligan has compromised 1 million accounts. Many of them are users from an enterprise.

Android Versions

Check Point Software Technologies have stated that about 86 apps are available. When one of the apps is installed, rooting is processed to get access to phones that are working with Android’s Jelly Bean, Ice Cream Sandwich, KitKat, and Lollipop. All of this is a total of 74% users.

When the device is rooted, it downloads and installs software that takes authentication tokens to which gives access to Google-related accounts such as Google Photos, Google Docs, Google Play, Google Drive, G Suite, and Gmail.

Ghost Push

This is not the first time a similar malware came to light. In September 2015, Ghost Push was brought to attention. Still, Gooligan is said to be a more aggressive variant than the latter. Still, these no evidence that Gooligan was available in the Google Play Market. Additionally, about 57% of those affected are from Asia, 19% are found in the Americas, 15% were from Africa, and the last 9% were from Europe.


Users who have taken apps from third-party markets can now check if their account has been breached.

If you are affected by this malware, the only way to fix the issue is by reflashing the phones with a clean Android installation. After this, it is recommended to change all of your Google passwords immediately.

What are your thoughts of this breach? Is our identity truly safe out there?

Open chat
Hello 👋
Can we help you?