HOT LINE 1654

Alerts

"Gooligan" malware

02 Dec 2016

The Cyber Security Center introduces recommendations to the users regarding the cleaning of infected devices.

The "Gooligan" malicious software interfered with more than 1 million Google accounts and threatened Android users. Thus, Gooligan conceals itself as an official Android application, allowing users to download that app. User can make infect the device with this malware by downloading the application infected with "Googligan" or by clicking on the malicious links in "phishing" messages. Please note that applications installed on the phone are not easily removed from the device.

The malicious software attempts to get access information related to Google's services such as Gmail, Google Photos, Google Docs, Google Play, and Google Drive.

Android users can check if their device is infected to this malware entering this URL: https://gooligan.checkpoint.com/.

An infected phone user faces the following problems:

Slows down the phone;
• The phone battery starts to run faster than normal;
• Apps are downloaded to the phone without the user's consent, which leads to a decrease in the memory capacity of the phone;
• The use of mobile data is growing inexplicable;
• Even when the phone is reset, the factory reset does not help to eliminate problems.

The Cyber Security Center under the Ministry of Communications and High Technologies gives recommendations for it:

• Use a secure antivirus program that detects and detects malicious software on the phone.
• Sign out of all synced accounts on the phone ("Gmail", "Yahoo", "Hotmail", "Facebook" etc.).
• Use the mobile device or computer you are sure to secure to access these accounts, and change the access codes.
• Use 2-factor authentication if possible.
• Once you've changed your password, log in again in your account