About: Gooligan

An Entity of Type : dbkwik:resource/uazuHg3wEfJ5Uid5iYR3Jw==, within Data Space : dbkwik.org associated with source dataset(s)

The infection begins when a user installs a Gooligan-infected app on a vulnerable Android device. Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153).
* Steal a user’s Google email account and authentication token information
* Install apps from Google Play and rate them to raise their reputation
* Install adware to generate revenue

Attributes | Values
rdf:type
rdfs:label
  • Gooligan
rdfs:comment
  • The infection begins when a user installs a Gooligan-infected app on a vulnerable Android device. Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153).
      * Steal a user’s Google email account and authentication token information
      * Install apps from Google Play and rate them to raise their reputation
      * Install adware to generate revenue
Length
  • 1000000(xsd:integer)
dcterms:subject
dbkwik:malware/pro...iPageUsesTemplate
Date
  • 2016-11-30(xsd:date)
Origin
  • USA?
Platform
  • Android
Name
  • Gooligan
Type
  • Virus
Creator
  • ?
abstract
  • The infection begins when a user installs a Gooligan-infected app on a vulnerable Android device. Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:
      * Steal a user’s Google email account and authentication token information
      * Install apps from Google Play and rate them to raise their reputation
      * Install adware to generate revenue