Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
A nasty strain of Android malware that has been in the wild for the last two years is once again rearing its ugly head. Gooligan, the name given to malware that has been found in at least 86 malicious apps, has been infecting Android handsets at a rate of 13,000 devices worldwide per day, Israeli security firm Check Point Software said in a blog posting today (Nov. 30).
According to Check Point, the apps in question include StopWatch, Perfect Cleaner, and WiFi Enhancer, all of which are available in third-party marketplaces. They exploit known flaws in older Android distributions, including 4.1-4.3 Jelly Bean, 4.4 KitKat, and 5.0-5.1 Lollipop.
MORE: 15 Cheap Tech Products That Make Life Easier
Phones and tablets running newer versions of Android, such as 6.0 Marshmallow or 7.0-7.1 Nougat, should be safe. Users can also protect themselves by installing all available security patches and version updates, running robust Android antivirus software and, most importantly, making sure that installing apps from "Unknown sources" is not enabled in their devices' security settings.
Gooligan is the latest variant on a strain of Android malware called Ghost Push that has been infecting Android users since 2014. Once it finds its way into handsets via malicious mobile apps, Ghost Push/Gooligan performs all kinds of annoying tasks, including sending users pop-ups ads and trying to install yet more apps, including some from the Google Play app store, on their handsets.
Gooligan threatens users' Google accounts, as it captures and reuses the authorization tokens that let Android devices permanently log into Google accounts. (Each token may take months to expire.) This lets Gooligan pose as a device user and submit phony five-star app reviews in the Google Play store. Check Point has posted a "Gooligan Checker" web page that lets users see whether their Google accounts may have been compromised.
Gooligan appears to be in the same vein as other Ghost Push malware. It lives inside compromised apps that are downloaded from third-party app stores. It's not believed to steal user data, but is part of what's essentially a sophisticated click-fraud scheme that collects cash from dodgy app developers every time Gooligan installs a new app or shows another ad on a victim's phone.
For its part, Google has been working hard to disrupt Ghost Push and its variants, according to a blog post yesterday (Nov. 29) by Android security chief Adrian Ludwig, who added that Google has tracked more than 40,000 Ghost Push apps. Ludwig said the company has taken action against the malware, including attempts at disrupting the command-and-control servers that try to peddle the malicious software.
