Although Google maintains a robust security team tasked with maintaining a sprawling ecosystem of software and Android devices, it can still sometimes be foiled. Today is a perfect example, as a malware attack is currently wreaking havoc on a million Google accounts, according to a report from Check Point, an internet security firm.
Called Gooligan, the rogue software is reportedly spreading at a pace of 13,000 Google accounts per day. According Check Point, the malware steals a user's authentication tokens -- the stuff meant to identify a user's account -- and then pilfers data from “Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other programs.”
Gooligan comes from the Trojan Horse family of the hacking universe. The bug affects Android phones and tablets with apps downloaded in third party app stores, which often offer free alternatives to paid-for apps on Google Play. When it attacks a device, the malware poses as a legitimate app, and then installs software meant to breach your personal data, such as passwords and usernames. It's also been discovered to post fake reviews. The faulty apps are numerous, too, with as many as 30,000 infected by Gooligan, according to Check Point.
Forbes reports that Gooligan is at the center of a massive “advertising fraud scheme,” and has generated as much as $320,000 per month by forcing users to download certain apps. According to Check Point’s Michael Shaulov, researchers at the security firm were able to locate a remote server storing as many as 1.3 million Google account tokens.
Adrian Ludwig, Google’s Director of Android Security, released a statement on Tuesday, saying: “We’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
Gooligan is primarily affecting devices and accounts in Asia, with more than half of the victims living in the continent. A total of 19% of affected users live in North America. Check Point contends that this is the largest ever account breach to spread across the web.