A new malware strand called Gooligan may have breached over 1 million Google accounts over the past several months. That’s the claim from the Check Point security firm, which released its findings today.
As with many other malware attacks on an Android-based device, Gooligan starts when the end user either downloads an infected app from a third party store (not Google Play) or if a person clicks on a link in an SMS or email message that sends them to the malware source.
Once Gooligan is installed, Check Point claims it sends out data on the infected device to a command and control server. Then it downloads rootkit software that can steal information such as email accounts and authorization tokens that can be used to breach Google accounts. The blog states that the majority of infected Android devices are in Asia, but about 19 percent of those devices are in the Americas.
Check Point has a list of the known apps that have been infected by the Gooligan malware. It also says it has already sent the information it collected on this breach to Google. Adrian Ludwig, Google’s director of Android security, is quoted in the blog post as saying that the company has “taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
In the meantime, most people can likely avoid having their Android smartphone or tablet get infected by staying away from unsecured third-party app stores and not clicking on any random links from emails and messages from unknown sources.