1. Home
  2. Software
  3. Gooligan

Gooligan

Gooligan is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. Gooligan has been described as part of the Ghost Push Android malware family. [1] [2] [3]

ID: S0290
Associated Software: Ghost Push
Type: MALWARE
Platforms: Android
Version: 1.2
Created: 25 October 2017
Last Modified: 24 October 2022
Version Permalink

Associated Software Descriptions

Name Description
Ghost Push

Gooligan has been described as being part of the Ghost Push Android malware family. [2] [3]
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1533 Data from Local System

Gooligan steals authentication tokens that can be used to access data from multiple Google applications.[1]
Mobile T1404 Exploitation for Privilege Escalation

Gooligan executes Android root exploits.[1]
Mobile T1643 Generate Traffic from Victim

Gooligan can install adware to generate revenue.[1]

References

  1. Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.
  2. Adrian Ludwig. (2016, November 29). The fight against Ghost Push continues. Retrieved December 12, 2016.
  1. Lookout. (2016, December 1). Ghost Push and Gooligan: One and the same. Retrieved December 12, 2016.