More Than 1 Million Google Accounts Breached By Hackers' Android Malware

Dec 01, 2016 10:17 AM EST

An app-installing malware has breached more than 1 million Google accounts and infected Android devices. Security firm Check Point has revealed that the malware campaign called "Gooligan" has been compromising 13,000 devices per day.

Check Point discovered that hackers are exploiting the security vulnerabilities in Android versions 4 (Jelly Bean, Kit Kat) and 5 (Lollipop). The firm went as far as to dub it as the "biggest theft of Google accounts". Apparently, the stolen "authentication tokens" are being used by the cyber criminals to access data in the person's account that include Google Play, Gmail, Google Photos, Google Docs, G Suite and Google Drive.

Though the extent of the malware's damage has been discovered, this new variant of Android malware had already been found by Check Point last year in the SnapPea app. The firm assured that they are working "closely with the Google to investigate the source of the Gooligan campaign". Once the affected app has been installed, the malware "collects data about the devices and downloads rootkits". Google pointed out that it does not actually "access any personal emails of files".

According to Forbes, users are forced to download apps "as part of a huge advertising fraud scheme". The ones responsible for this are "making as much as $320,000 a month". It's being used to "boost and app's ranking" and get a huge profit from it. Among the fake apps infected by Gooligan are WiFi Enhancer, WiFi Master, Memory Booster, Clean Master, YouTube Downloader, Slots Mania, Talking Tom 3 and the evidently malicious Sex Photo, PornClub and So Hot.

The above-mentioned versions of Android mobile operating system amount to 74 percent of Android devices currently being used. 40 percent of the Google accounts breached are in Asia, 19 percent in the Americas, 15 percent in Africa and 9 percent in Europe.

Possible victims of the breach can check their Google accounts if it has been compromised by going to gooligan.checkpoint.com. Owners who have infected devices are advised to power off their gadgets. They should bring it to a certified technician or mobile service provider. The Android device has to undergo a "clean installing of an operating system". Once the device has been successfully "re-flashed", the Google account password has to be changed.

According to The Verge, this is not the first time that cybercriminals have used such malware to improve certain apps' ranking and generate revenue from it. Google had removed a "family of apps called Brain Test" last year. Though the tech company actually scans for harmful apps in the Play Store, there are still instances where some of them cannot be detected.