More than 1 million Android phones are believed to have been infected by a new strain of malware called Gooligan.
The Android malware, Forbes reported, was used by cybercriminals to steal 1.3 million Google accounts in recent months, which may be the largest single theft of Google accounts on record.
The spyware steals the tokens used to verify that a user is, in fact, authorized to access their Google account and also forces users to download apps to help fund an advertising fraud scheme.
According to Forbes, the hackers are able to make as much as $320,000 a month.
Since the beginning of November, the Gooligan malware has gained an average of 13,000 new infections each day. Researchers from Check Point confirmed that the software is able to gain access to a device when a user visits a website and downloads a malicious third-party app.
Once the phone is infected, the malware siphons the victim’s Google account token and sends it to a server, where hackers can then gain unauthorized access to Gmail, Docs, Drive, Photos and other data.
The motivation behind Gooligan, which is said to be a version of an older malware known as Ghost Push, seems to not be fraudulent in nature.
“Several Ghost Push variants use publicly known vulnerabilities that are unpatched on older devices to gain privileges that allow them to install applications without user consent,” Google’s Android security chief, Adrian Ludwig, wrote in a blog post. “The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant.”
“We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall. These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether,” Ludwig added.