In what has been a banner year for malvertisers, Gooligan is the latest exploit kit making news. The attacks are able to gain access to users' Google accounts on Jellybean, KitKat, and Lollipop devices, which accounts for over a billion of the phones in use today. Authentication tokens are seized, so two-factor authentication cannot secure your account from being attacked. As of now, Google reports that there has been no fraudulent activity on the affected devices, so the criminals behind Gooligan are looking to take control of the device in order to flood it with advertisements. Current estimates show that it has infected over a million phones, which could account for over $300,000 of profits per month. Expect this trend to continue into 2017. Gooligan draws heavily from Ghost Push, malware that was the most successful in infecting Google devices in 2015. Code for Gooligan was first found in mid-2015, so it isn't too shocking to suggest that there is, or will be, more malicious code stemming from Gooligan.
AdClear will be able to block malicious ads infected with malware, but also be sure to analyze future apps before downloading them. More and more criminals will migrate to Android given the cash potential, and it's vital to stay secured. Check Point has a convenient webform that will check your email address against those suspected of being Gooligan victims. If you've noticed any new suspicious apps or activity on your phone, take it to a certified professional as soon as possible so that they can flash your Android system.