
Trojan Virus, Gooligan, Infects More Than a Million Google Accounts


The security company Check Point recently reported on its blog that malware called Gooligan has infected more than a million Google accounts. The company further reported that this number is currently increasing at a rate of 13,000 infected accounts per day.

The potent malware is nicknamed Gooligan and is quite malicious. Its sources are currently being investigated by Google and Check Point’s team.

How Does Gooligan Damage Accounts?

According to the security firm that reported the incident, the malware forcefully roots devices that have been affected. It then steals authentication tokens, which are data that can be used to open your accounts in Gmail, Google Play, Google Docs, Google Drive, Google Photos, and G Suite.

According to Michael Shaulov, Check Point’s head of mobile and cloud security, the main goal of the virus is not to illegally acquire your emails, photos, and other personal files. Instead, your devices will install a bunch of apps without your permission, contributing to the revenue of a large advertising fraud. Your accounts can also be used to post fraudulent reviews on various Google Play app pages.

The advertising fraud works like this: certain people earn money every time an app they are trying to sell is downloaded or an advertisement is clicked on. So all of those applications forcefully downloaded on your device will increase the money they earn, while leaving your smartphone filled with junk.

Since they also use your accounts to create fake reviews on the apps they are peddling, this increases the possibility of tricking other users into downloading those apps. The cycle continues and the malware developers will keep making money while piggybacking on your Google accounts.

The trojan virus sneaks through infected third-party apps or programs that users install on their mobile phones. Since the infection rate is quite rapid, there is no definite way of knowing which apps and programs are safe or not.

Check Point further points out that this malicious software is a variant of the Android malware they previously found in the SnapPea app. It is also identified to be a part of the malware group called Ghost Push. Forbes, meanwhile, stated that this is the biggest Google-affected virus that has been recorded so far.

Will You Be Affected?

At the moment, most of the infected devices are pinpointed to be in Asia. To be specific, 57% of the affected devices are located in Asia. 19% are in the Americas, 15% are in Africa, while 9% are in Europe.

Devices running the Jelly Bean, KitKat, or Lollipop Android OS have a high potential of being infected.

Infected apps will look normal and legitimate at first glance, and can trick even some of the most vigilant. Once installed, though, the device is rooted and the forced downloads begin.

How to Fight Off Gooligan?

Protect yourself by refraining from downloading apps that you can’t fully trust. Google Play often marks featured apps with a blue diamond symbol and also states which ones are its editors’ choice. It is best to stick to downloading these for the time being.

The Wall Street Journal also named some infected apps that you should stay away from. These include WiFi Enhancer, Perfect Cleaner, and StopWatch.

Check Point published an appendix of unsafe apps as well, as seen in the image below.

This is half of the list. The full list is in Check Point’s report on Gooligan.

As for Google, the tech giant’s head director of Android security, Adrian Ludwig, just released a statement to inform the public that they are taking action. According to him, they are “revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.”

More of Ludwig’s statement can be viewed here.

Aside from all of that, everyone is highly advised to install trustworthy antivirus software. If you have one already, do a scan ASAP!

What to Do if Your Accounts Have Been Infected?

If it is too late and Gooligan has acquired access to your accounts, then you should be receiving instructions from Google on what to do, as mentioned in Ludwig’s statement.

If you are unsure if you have been breached, you can check by using the website created by Check Point:

Once you know for sure that you have been hacked, you need to flash your device. This involves re-installing a virus-free version of your OS. This requires a bit of tech savvy, however, so if you are not confident, seeking help from professional tech support is recommended.

Afterward, we highly advise that you change the passwords of all your Google accounts. Make sure they are strong ones, too.
