‘Gooligan’ Malware Discovered to Be on Over 1M Android Devices – Here’s What You Need to Know

New malware software has been found on over 1 million Android devices around the world. This is following a report from the security firm Check Point. The malware dubbed “Googlian” first appeared in August, according to the report.

The malware is spreading at 13,000 devices per day. It spreads trough legit-looking apps in third-party apps stores, but the files turn out to be infected by the malware. The most affected area in the world is Asia where third-party apps are commonly used. When installed, the malware takes advantage of a vulnerability present in Android versions Jelly Bean, KitKat and Marshmallow.


The malware takes advantage of two already known weakness in the Linux kernel. This allows it to take control of a user’s device once one of the malicious apps has been installed. Then the malware compromises the device’s Google authorization token, which gives it broader access to the user’s Google account which includes Gmail, Drive, and Photos.

There is a list published in Check Point’s report that indicates all the infected apps. The list includes basic things such as Talking Tom 3 or Clean Master. If you downloaded one of these apps trough the Play Store, you’ll have nothing to worry about.

  • Perfect Cleaner
  • Demo
  • WiFi Enhancer
  • Snake
  • gla.pev.zvh
  • Html5 Games
  • Demm
  • memory booster
  • แข่งรถสุดโหด
  • StopWatch
  • Clear
  • ballSmove_004
  • Flashlight Free
  • memory booste
  • Touch Beauty
  • Demoad
  • Small Blue Point
  • Battery Monitor
  • 清理大师
  • UC Mini
  • Shadow Crush
  • Sex Photo
  • 小白点
  • tub.ajy.ics
  • Hip Good
  • Memory Booster
  • phone booster
  • SettingService
  • Wifi Master
  • Fruit Slots
  • System Booster
  • Dircet Browser
  • Puzzle Bubble-Pet Paradise
  • GPS
  • Light Browser
  • Clean Master
  • YouTube Downloader
  • KXService
  • Best Wallpapers
  • Smart Touch
  • Light Advanced
  • SmartFolder
  • youtubeplayer
  • Beautiful Alarm
  • PronClub
  • Detecting instrument
  • Calculator
  • GPS Speed
  • Fast Cleaner
  • Blue Point
  • CakeSweety
  • Pedometer
  • Compass Lite
  • Fingerprint unlock
  • PornClub
  • com.browser.provider
  • Assistive Touch
  • Sex Cademy
  • OneKeyLock
  • Wifi Speed Pro
  • Minibooster
  • com.so.itouch
  • com.fabullacop.loudcallernameringtone
  • Kiss Browser
  • Weather
  • Chrono Marker
  • Slots Mania
  • Multifunction Flashlight
  • So Hot
  • Google
  • HotH5Games
  • Swamm Browser
  • Billiards
  • TcashDemo
  • Sexy hot wallpaper
  • Wifi Accelerate
  • Simple Calculator
  • Daily Racing
  • Talking Tom 3
  • com.example.ddeo
  • Test
  • Hot Photo
  • QPlay
  • Virtual
  • Music Cloud

A statement from Google saying that the malware Is not accessing personal data of victims. No personal emails of files are comprised after the malware has been installed. Looking at the infected devices, there does not seem to be a specifically targeted group or company.

What the malware does is rather interesting. It installs non-malicious apps from the Play Store, then leaves an extremely positive review, giving it 5 stars. It does this for a lot of apps. Seeing that over 1 million devices could be doing this all the time, there are a lot of fake positive reviews caused by this which could result in a massive boost in sales from the Play Store which can have the potential to be worth a lot more than even stolen credit card information.

This is not the first time something like this has happened, as we have seen malware that leaves positive reviews before. Recently, there were a few apps which were named a variation of “Brain Test” which did the exact same thing. The apps were removed by Google from the Play Store after their scheme became public. The problem is that the apps getting the positive reviews are not doing anything wrong since it’s impossible to pick them up with a malware scan (remember, the infected apps are found in third-party stores, not the Play Store).

Luckily, Check Point has created a scan that will pick up any malicious apps on your device. The only thing is that once the malware is installed, the only way to remove it is to completely reinstall the system software of the phone.


The weaknesses in Android are easy to fix, however. That’s why Google fixes them all the time. But by only fixing it in later software iterations, they leave older phones still at risk for exploitation. Due to Android’s fragmentations, the updates only reached a quarter of all Android users. Therefore, for some users, there may not be any escape from this virus going around. Let’s just hope Google patches things up before it gets too serious…