Gooligan Android malware breached 1Million users

FYI Android users, you have to read this article courtesy by if you’re an Android smart phone user. I actually read it first from CNN website and again today.

Sponsored by Life Insurance.

Check Point security researchers have revealed a new variant of Android malware, breaching the security of more than one million Google accounts.


Key findings

  • The campaign infects 13,000 devices each day and is the first to root over a million devices.
  • Hundreds of email addresses are associated with enterprise accounts worldwide.
  • Gooligan targets devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which represent nearly 74% of Android devices in use today.
  • After attackers gain control over the device, they generate revenue by fraudulently installing apps from Google Play and rating them on behalf of the victim.
  • Every day Gooligan installs at least 30,000 apps on breached devices, or over 2 million apps since the campaign began.

Check Point reached out to the Google security team immediately with information on this campaign. “As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” stated Adrian Ludwig, Google’s director of Android security.

Among other actions, Google has contacted affected users and revoked their tokens, removed apps associated with the Ghost Push family from Google Play, and added new protections to its Verify Apps technology.


Check Point’s Mobile Research Team first encountered Gooligan’s code in the malicious SnapPea app last year. In August 2016, the malware reappeared with a new variant and has since infected at least 13,000 devices per day. The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device, or by clicking on malicious links in phishing attack messages.


I hate visiting website due to auto-loading of videos, it’s annoying. Anyway, I gathered some useful information for you to know. Here they are.

According to Check Point, here’s the list of potentially infected apps:

  1. Perfect Cleaner
  2. Demo
  3. WiFi Enhancer
  4. Snake
  5. gla.pev.zvh
  6. Html5 Games
  7. Demm
  8. memory booster
  9. แข่งรถสุดโหด
  10. StopWatch
  11. Clear
  12. ballSmove_004
  13. Flashlight Free
  14. memory booste
  15. Touch Beauty
  16. Demoad
  17. Small Blue Point
  18. Battery Monitor
  19. 清理大师
  20. UC Mini
  21. Shadow Crush
  22. Sex Photo
  23. 小白点
  24. tub.ajy.ics
  25. Hip Good
  26. Memory Booster
  27. phone booster
  28. SettingService
  29. Wifi Master
  30. Fruit Slots
  31. System Booster
  32. Dircet Browser
  34. Puzzle Bubble-Pet Paradise
  35. GPS
  36. Light Browser
  37. Clean Master
  38. YouTube Downloader
  39. KXService
  40. Best Wallpapers
  41. Smart Touch
  42. Light Advanced
  43. SmartFolder
  44. youtubeplayer
  45. Beautiful Alarm
  46. PronClub
  47. Detecting instrument
  48. Calculator
  49. GPS Speed
  50. Fast Cleaner
  51. Blue Point
  52. CakeSweety
  53. Pedometer
  54. Compass Lite
  55. Fingerprint unlock
  56. PornClub
  57. com.browser.provider
  58. Assistive Touch
  59. Sex Cademy
  60. OneKeyLock
  61. Wifi Speed Pro
  62. Minibooster
  64. com.fabullacop.loudcallernameringtone
  65. Kiss Browser
  66. Weather
  67. Chrono Marker
  68. Slots Mania
  69. Multifunction Flashlight
  70. So Hot
  71. Google
  72. HotH5Games
  73. Swamm Browser
  74. Billiards
  75. TcashDemo
  76. Sexy hot wallpaper
  77. Wifi Accelerate
  78. Simple Calculator
  79. Daily Racing
  80. Talking Tom 3
  81. com.example.ddeo
  82. Test
  83. Hot Photo
  84. QPlay
  85. Virtual
  86. Music Cloud

Wow that’s a lot of malicious apps at Google 🙁

Check Point actually setup a website for you to check if your devices have been hacked. Visit website, then enter your Google email address and wait for the response.

I tried my email address, and this is my result.


If you notice, there is an advertising from Zone Alarm. This is an option for you to purchase.

And if you’re BREACHED, seek a professional computer geek’s help to assist you cleaning up your device.

Be safe out there.

Support @QUE.COM

Founder, QUE.COM Internet Media. | Founder, a Shout for Joy! | MAJ.COM Management of Assets and Joint Ventures. More at KING.NET Ideas to Life.

Leave a Reply