Gooligan - S0290 (20d56cd6-8dff-4871-9889-d32d254816de)

Gooligan is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. Gooligan has been described as part of the Ghost Push Android malware family. (Citation: Gooligan Citation) (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) | Attack Pattern | Gooligan - S0290 (20d56cd6-8dff-4871-9889-d32d254816de) | Malware | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | Gooligan - S0290 (20d56cd6-8dff-4871-9889-d32d254816de) | Malware | 1 |
| Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467) | Attack Pattern | Gooligan - S0290 (20d56cd6-8dff-4871-9889-d32d254816de) | Malware | 1 |