Over 1 million Android devices worldwide have been infected by malicious software. This malware attack campaign, named Gooligan, is affecting over 13,000 devices a day. Devices are typically infected by downloading various apps from third-party app stores instead of the approved Google Play store. Devices may also be infected when a user taps on malicious links in phishing messages.

The malware steals authentication tokens and accesses data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other programs. But even though it steals personal data, the main reason for it to infect devices seems to be produce revenue by downloading apps as part of an advertising fraud scheme.

Devices at risk at risk of being infected are those using Android 4 (Jelly Bean, KitKat), initially released in 2012 or Android 5 (Lollipop) released in 2014.

Users of an infected device will see pop-ads and unwanted software. You can check if your account was compromised on this site, gooligan.checkpoint.com, created by the security firm Check Point Software Technologies Ltd.

If you have been infected, you will need to ask your carrier to re-flash your device. That will install a clean version of the operating system. After that's been done, you will need to change your passwords on all of your Google accounts associated with the device.

Prevent Being Infected

To prevent being infected by this or other malware:

  • Download apps only from approved app stores.

  • Install and use security software on your device. Set it up to automatically update and run scans.

  • Keep your device's operating system to date. Whenever you are provided with an update, make sure to install it. You may check for the latest updates by tapping on System Updates under Settings.

Malware isn't going away so smart consumers will take all the necessary steps to protect their devices and their personal information.