An In-depth Look at the Gooligan Malware Campaign

Check Point mobile threat researchers today published a technical report that provides in-depth analysis of the Gooligan Android malware campaign, which was first announced on November 30.

The report discusses the ins and outs of how more than one million Google accounts were breached, potentially exposing messages, documents, photos, and other sensitive data. A new variant of the Android malware found by Check Point researchers in the SnapPea app in 2015, Gooligan roots devices and steals email addresses and authentication tokens stored on the device. With this information, an attacker can access a user’s Google account data within Google Play, Google Photos, Gmail, Google Drive, and G Suite.

The report covers Gooligan’s genealogy and attack flow, and provides detailed technical analysis of the malware campaign and where it originated.