This Android malware is hacking into your Google account to install apps

Sasha Lekach
Updated
Https%3a%2f%2fblueprint-api-production.s3.amazonaws.com%2fuploads%2fcard%2fimage%2f302314%2fap_917826219528
Https%3a%2f%2fblueprint-api-production.s3.amazonaws.com%2fuploads%2fcard%2fimage%2f302314%2fap_917826219528

Your Google accounts could have been compromised if you own a Android phone, thanks to a new malware variant known as "Gooligan."

The malware has infected more than 1 million accounts, according to research released Wednesday from cyber security company Check Point, and that figure is growing by a massive 13,000 devices per day.

SEE ALSO: If you receive this terrifying Google alert, you are not alone

In August, Gooligan emerged as a complex malware that infects devices after users download apps from third party stores. It was originally related to a malicious app from 2015 named SnapPea. 

The malware steals authentication tokens that can be used to access data from Google Play, Gmail, Google Docs, Google Drive and more. The malware installs certain apps on a user's phone and highly rates them. Its main mission is to install adware to generate revenue for those apps, reportedly raking in as much as $320,000 a month.

Check Point said that the hacked Google accounts are mostly in Asia, but 19 percent are in North and South America and 9 percent are in Europe. The malicious code appears to affect devices running Android 4 (in versions known as Jelly Bean and KitKat) and Android 5 (Lollipop).

To avoid infecting your device, you should only download apps from the official Google Play store. Check Point has built a site to check if your Google account was breached. If your phone is infected, things get a little more difficult. Check Point recommends installing a clean operating system on your phone. This is complicated, so it's best to turn off your device and get professional help. Once your phone has been fixed by a pro make sure you change all your Google passwords.

Image: Check point

When Mashable reached out to Google about the hack they referred us to a post published Tuesday by Adrian Ludwig, the company's director of Android security. It said that the security team had been working closing with Check Point for several weeks to "investigate and protect users." 

Ludwig confirmed Gooligan uses Google credentials on older versions of Android to generate fraudulent app installs. "We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall," he wrote. The company has found no evidence of the hackers accessing user data, he added.

  • Up next
  • Up next
  • Up next
  • Up next

Latest stories