Your Google account could be among the million compromised by the latest malware campaign, Gooligan. And it’s one mean cyber threat. Even as we speak, it continues to strike 13,000 devices each day.
How would you know if your account or email has been hacked? Read on to find out.
Have You Heard About Gooligan?
Before we reveal ways to tell if your Google account has been hacked, let’s do a refresher on the latest Trojan malware.
To begin with, it only targets Android devices. It affects those running Android 4 (Jelly Bean and KitKat) and Android 5 (Lollipop) OS, specifically. The Gooligan malware primarily spreads via apps from third-party app stores and malicious phishing links.
Once your phone gets infected, it downloads a rootkit to steal authentication tokens. It will then use them to breach data from Gmail, Google Play, Google Docs, Google Photos, Google Drive, G Suite and other apps. It installs a mobile app that steals your account info that it will then use to post fake ratings and reviews to raise the profile of those dubious applications.
How Do I Know If My Account is Infected or Hacked?
First, you should check your e-mail address here. Even if the answer is no, there is still a chance your account may be compromised. Luckily, Google provides users with various tools right within Gmail to help you tell whether your account has been compromised or not. We’ll look at three of them.
Last Account Activity
Log into your Gmail account using a desktop browser and do the following:
- Scroll down to the bottom of your inbox.
- Look for a link named Details on the lower right corner. Click on it.
- A pop-up window will then appear. It will provide a detailed list of the last ten times you, or anyone else, accessed your account. It will typically show you when your account was accessed as well as how it was viewed. You’ll be shown if your account has been opened using a browser, email app, or a smartphone app. It will even show the IP address through which your email was opened.
Google will also send you an email to notify you when your account has been accessed by a device or at a location that seems out of the ordinary.
Email Forwarding
Hackers often forward all your critical emails to their accounts once they’ve accessed your account. Unfortunately, average users won’t know if someone is using the email forwarding feature against them.
This Gmail feature is disabled by default. If it is suspiciously turned on, disable it with these steps:
- Open your Gmail.
- Click Settings , which is found on the top right of your email.
- Click Settings > Forwarding and POP/IMAP tab in the subsequent page.
- Click “Disable forwarding” in the Forwarding section.
You can use the same procedure to see if your email has been set up to forward emails to another email address.
POP/IMAP Settings
The POP and IMAP features allow you to access your emails on a third-party client. Anyone can configure these so their email client can receive your email messages once they have access to your password. This is how hackers maliciously receive your emails or account details. It’s best to keep this feature disabled in your account at all times.
Do You See Unfamiliar Apps Automatically Installing?
Pay attention whenever your Android device keeps installing apps right under your nose. That’s definitely a red flag right there. For starters, go to Settings > Security and uncheck the “Unknown sources” under Device Administration section. It should prevent the further installation of mobile applications not listed in the Play Store.
When those installed apps keep coming back despite you deleting them, it’s time to wipe your phone clean. Doing so should keep the virus infection from getting worse. Here is how you do it:
Back Up Your Data
Do you have anything you need to keep backed up before you proceed? Save any media file (e.g. videos, photos, etc.) in your Google Drive and everything else via Settings > Backup & reset > and tick the “Back up my data” option under Backup & Restore section.
Factory Reset Your Phone
To effectively wipe your Android phone clean, follow these steps. Don’t forget to change your password afterwards, too:
- Go to Settings > Backup & reset
- From there, click on Factory data reset and click on “Reset phone”/”Reset device” button.
- You’ll often be given an option to erase all data on your internal storage (e.g. music, photos, etc.). If you’ve successfully backed these up on the cloud, tap on the checkbox to wipe it clean, too.
Luckily, there are ways to know if your Android phone has been infested by viruses or hacked by malicious software. While it’s never easy dealing with these threats, you can keep them from further stealing everything that matters to you.
For more tips on what to do in case your phone is infected by malware such as Gooligan, read our in-depth report here (Trojan Virus, Gooligan, Infects More Than Million Google Accounts).