Detected by a firm dedicated to security, a malware would have affected more than one million Google accounts. Were you infected? How does this malware work? What apps are affected? Here are 5 questions and 5 answers.

  1. What is Gooligan?

This is a variant of the Android Ghost Push malware, which will be called “Gooligan”. This malware takes advantage of a fault present in several older versions of Android, Jelly Bean, KitKat and Lollipop (Android 4.x to Android 5.x).

This represents more than 74% of Android devices in circulation. Check Point, the company that launched the alert, observes that malware is spreading at a rate of 13,000 new devices a day.

  1. How does it work?

The malware allows you to place a Google token that allows Google to access the Google Account and related services. When an authorization token is stolen by an attacker, they can use this token to access all Google-related user services, including Google Play, Gmail, Google Docs, Google Drive, and Google Photos. 

  1. What is the risk?

Even if you have enabled more advanced authentication options, this method, unfortunately, can bypass this mechanism. They have access to your data stored at Google, such as your emails, photos, documents and so on.

  1. How to avoid being infected by Gooligan?

We must follow the basic safety tips. The malware spreads through phishing via a simple URL, paying attention when you open links from your emails and social networks, but also by installing a malicious application. For the latter, it is better to avoid installing pirated apps, apart from Google Play.

If you have a device equipped with the latest version of Android, like Marshmallow or Nougat, you have much less risk of being infected (especially if your device was natively on the latest versions of Android).

  1. How do I check if your Google Account is not affected?

Checkpoint has set up a site to check if your Google Account has been hit. Just enter its email address, Checkpoint consults a database updated in real time. If you want to avoid entering your e-mail in this form, what you can understand, however, know that the vast majority of affected devices are in Asia. Moreover, it is the Chinese market that is particularly affected by malware, the markets of apps are numerous and Google Play is absent.

If you are infected, Checkpoint recommends resetting your device and changing your Google Account password. Most of the time, a factory reset can be found in the settings on the Security tab. Do not forget to save your data before you start an operation of this type.