One million Google accounts reportedly hacked through Android malware

The virus first appeared in 2014 but resurfaced in August. It has since adopted a more sophisticated attack method, which has compromised more than 13,000 devices a day.
By Jessica Davis
03:35 PM

More than 1 million Google accounts – including authentication tokens – have been compromised by the Android malware strain known as Gooligan, security firm Check Point reported on Wednesday.

Hackers can use the stolen credentials to gain access to Gmail and Google Photos, Docs, Drive, Play and GSuite. Further, the cybercriminals can generate revenue by installing apps from Google Play and rating the apps on behalf of the user. Hackers also profit from the adware installed by Gooligan.

Gooligan was first spotted in the wild in 2014. The most recent campaign, which began in August, has infected about 13,000 devices each day by targeting Android 4 and 5 devices. Check Point officials estimate that accounts for nearly 74 percent of Android users.

Currently, Gooligan installs 30,000 apps a day on breached devices – or 2 million fraudulent apps since the campaign began.

The researchers found Gooligan in many legitimate-looking third-party app stores, but users also downloaded the app directly from malicious links found in phishing messages.

Check Point researchers contacted Google's security team with their findings, and the firm is offering a free online tool that lets users determine if their account is part of the breach.

"This theft of over a million Google account details is very alarming and represents the next stage of cyberattacks," said Check Point's Head of Mobile Products, Michael Shaulov, in a statement. "We're seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them."

"We appreciate Check Point's partnership as we've worked together to understand and take action on these issues," Google's Director of Android Security, Adrian Ludwig, said in a statement.

"As part of our ongoing efforts to protect users from the Ghost Push family of malware, we've taken numerous steps to protect our users and improve the security of the Android ecosystem overall."

Twitter: @JessieFDavis