Gooligan

Gooligan is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. Gooligan has been described as part of the Ghost Push Android malware family. [1] [2] [3]

ID: S0290
Aliases: Gooligan, Ghost Push
Type: MALWARE
Platforms: Android

Version: 1.1

Alias Descriptions

Name | Description
Gooligan | [1] [2] [3]
Ghost Push | Gooligan has been described as being part of the Ghost Push Android malware family. [2] [3]

Techniques Used

Domain | ID | Name | Use
Mobile | T1409 | Access Sensitive Data or Credentials in Files | Gooligan steals authentication tokens that can be used to access data from multiple Google applications.[1]
Mobile | T1404 | Exploit OS Vulnerability | Gooligan executes Android root exploits.[1]
Mobile | T1472 | Generate Fraudulent Advertising Revenue | Gooligan can install adware to generate revenue.[1]

References