Skip to content

S0290 Gooligan

Gooligan is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. Gooligan has been described as part of the Ghost Push Android malware family. 1 2 3

Item Value
ID S0290
Associated Names Ghost Push
Type MALWARE
Version 1.2
Created 25 October 2017
Last Modified 10 October 2019
Navigation Layer View In ATT&CK® Navigator

Associated Software Descriptions

Name Description
Ghost Push Gooligan has been described as being part of the Ghost Push Android malware family. 2 3

Techniques Used

Domain ID Name Use
mobile T1533 Data from Local System Gooligan steals authentication tokens that can be used to access data from multiple Google applications.1
mobile T1404 Exploit OS Vulnerability Gooligan executes Android root exploits.1
mobile T1472 Generate Fraudulent Advertising Revenue Gooligan can install adware to generate revenue.1

References

Back to top