1.3 million Google accounts compromised by Gooligan Android bug

The bug formerly known as “Ghost Push” has gotten some new life from some successful hackers. And its name is somewhat ridiculous: Gooligan.

Check Point Software and Google have been tracking down this bug, which spreads through the installation of malicious apps from third-party libraries, and seeing what Gooligan does. Once the app gets downloaded, malware inside the app siphons account credentials, roots your device, sticks in code into your apps and downloads more of them and abuses authentication tokens into your Google accounts for Google Play, Photos, Drive, Docs, Gmail and others.


Your compromised account may “pen” fake, five-star reviews for apps on the Google Play Store.

Devices on Jelly Bean, KitKat and Lollipop are at risk with this bug — which is pretty much most of the Android smartphone market out there — and its blast radius of 1.3 million accounts has mostly been in Asia at 57 percent. 19 percent of the affected accounts are from the Americas, 15 percent are from Africa and 9 percent are from Europe. An estimated 13,000 accounts are getting hijacked every day.


For a complete list of fake apps infected by Gooligan, head to our source link. You can also check to see if your Google account has been compromised at this site.

For its part, Google is tracking down all the fake apps and removing them from the Play Store as well as revoking the authentication tokens of Google accounts that may have been hijacked. It is also contacting internet service providers to take down servers where these Gooligan operations are taking place.

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Jules Wang
Jules Wang is News Editor for Pocketnow and one of the hosts of the Pocketnow Weekly Podcast. He came onto the team in 2014 as an intern editing and producing videos and the podcast while he was studying journalism at Emerson College. He graduated the year after and entered into his current position at Pocketnow, full-time.