Botconf 2017 has ended
Wednesday, December 6 • 18:05 - 18:45
Hunting Down Gooligan

This talk provides a retrospective on how, during 2017, Check Point and Google jointly hunted down Gooligan, one of the largest Android botnets at the time. Besides its scale, what makes Gooligan a worthwhile case study is its heavy reliance on stolen OAuth tokens to attack Google Play’s API, an approach previously unheard of in malware.

This talk starts by providing an in-depth analysis of how Gooligan’s kill chain works, from infection and exploitation to system-wide compromise. Then, building on various telemetry, we will shed light on which devices were infected and how this botnet attempted to monetize the stolen OAuth tokens. Next, we will discuss how we were able to uncover the Gooligan infrastructure and how we were able to tie it to another prominent malware family: Ghostpush. Last but not least, we will recount how we went about re-securing the affected users and taking down the infrastructure.

Speakers
Elie BURSZTEIN

Anti-fraud and abuse research team lead, Google
Anti-abuse research lead


Wednesday December 6, 2017 18:05 - 18:45
Corum Allée du Saint-Esprit, 34000 Montpellier, France