An In-depth Look at the Gooligan Malware Campaign

December 13, 2016

December 13, 2016

Check Point mobile threat researchers today published a technical report that provides deep technical analysis of the Gooligan Android malware campaign, which was first announced on November 30.

The report discusses the ins and outs of how more than one million Google accounts were breached, potentially exposing messages, documents, photos, and other sensitive data. A new variant of the Android malware found by Check Point researchers in the SnapPea app in 2015, Gooligan roots devices and steals email addresses and authentication tokens stored on the device. With this information, an attacker can access a user’s Google account data within Google Play, Google Photos, Gmail, Google Drive, and G Suite.

The report covers Gooligan’s genealogy, attack flow and provides detailed technical analysis of the malware campaign and where it originated.



  • Check Point Research Publications
  • Global Cyber Attack Reports
  • Threat Research
February 17, 2020

“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign

  • Check Point Research Publications
August 11, 2017

“The Next WannaCry” Vulnerability is Here

  • Check Point Research Publications
January 11, 2018

‘RubyMiner’ Cryptominer Affects 30% of WW Networks