Internet Storm Center Infocon Status

Search ISU Security

RSSSubscribe to the RSS Feed
ISU Information Security

Gooligan Malware Targets Android Users

Tuesday, December 13, 2016 11:28

There’s a new malware campaign in town, and its name is Gooligan.  Attackers are using a type of malware, called Gooligan, to infect Android devices and acquire the users’ Google account credentials. This malware is responsible for the largest known Google account breach to date.   How does it work?  In simple terms, Gooligan takes advantage of known security flaws in out-of-date Android devices. This allows the attacker to do anything the user of the device can do, all from a remote location, including accessing all Google services associated with the device.

The infection can begin with the user clicking a malicious website link, or they could be enticed into downloading an infected app from a third-party app store.  Once the app is installed, the attacker has full control.  There are security patches that can be installed to fix the security flaws, but they may not be available on all versions of Android, or the user has not installed them.  So, if you have any android devices, be sure to check for updates and install them on a regular basis.  Also, don’t install any apps from third-party websites or click on suspicious links.

If you want to check if your ISU Google account has been compromised, visit this website and enter your ISU email address, or any Gmail address, and click the check button.  If you find that your ISU account is compromised, contact the ISU IT Service Desk as soon as possible at (208)282-4357 or email  Stay safe out there!