Although Google maintains a robust security team tasked with maintaining a sprawling ecosystem of software and Android devices, it can still sometimes be foiled. Today is a perfect example, as a malware attack is currently wreaking havoc on a million Google accounts, according to a report from Check Point, an internet security firm.
Called Gooligan, the rogue software is reportedly spreading at a pace of 13,000 Google accounts per day. According Check Point, the malware steals a user's authentication tokens -- the stuff meant to identify a user's account -- and then pilfers data from “Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other programs.”
Gooligan comes from the Trojan Horse family of the hacking universe. The bug affects Android phones and tablets with apps downloaded in third party app stores, which often offer free alternatives to paid-for apps on Google Play. When it attacks a device, the malware poses as a legitimate app, and then installs software meant to breach your personal data, such as passwords and usernames. It's also been discovered to post fake reviews. The faulty apps are numerous, too, with as many as 30,000 infected by Gooligan, according to Check Point.