What is "Gooligan"?
Security researchers have uncovered a new malicious software attack targeting Android devices that has been dubbed “Gooligan”. The malicious software is reported to have affected more than one million Google accounts to date, and thousands of new accounts are being affected each day.
The malicious software compromises an individual’s Google email account and authentication token information, which can be used to access Google accounts, including Gmail, Google Photos, Google Docs, and Google Drive. The attackers use the authentication tokens to install select apps from Google Play on an infected device and then post fake app ratings to boost advertising revenue.
Google has notified individuals whose accounts have been affected and has revoked affected Google Account tokens.
The malicious software typically infects an Android device when an individual mistakenly installs a malicious app from a third-party app store or follows a link in a phishing scam. The Gooligan software attack targets devices running Android 4 (Jelly Bean and KitKat) and 5 (Lollipop).
What should I do?
If you are running version 6.0 or later of the Android operating system, then you are not affected. If you are running an earlier version of the Android operating system, you should update your Android device.
If you have been notified by Google that your account has been compromised, you should follow the instructions they provide in their notification. Computing Services and Systems Development recommends that, at a minimum, affected individuals should:
- Install a clean, updated version of the Android operating system onto your device
- Change all of your Google account passwords
More information about spotting phishing scams, recovering lost or stolen mobile devices, multifactor authentication, and other security resources is available on our Information Technology Web site (technology.pitt.edu).
Please contact the Technology Help Desk at 412-624-HELP if you have any questions regarding this announcement.