An attack campaign dubbed Gooligan has infected more than 1 million Google accounts, with 13,000 new devices being breached each day, according to Check Point Software Technologies Ltd., a cyber security firm.
The malware, which affects older versions of the Android system, steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more, Check Point said.
“We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues,” said Adrian Ludwig, Google’s director of Android security. “As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
Gooligan can potentially infect about 74% of Android devices, including those running Android 4 -- which includes Jelly Bean and KitKat -- and Android 5 (Lollipop), the researchers said.
What to do
The malware is contained in tens of thousands of fake apps. Check Point has set up a test page on its site where you can see if your device is infected.