Security firm Check Point Technologies revealed in a blog post that the attack, dubbed Gooligan, steals authentication tokens that can be used to access data from Google Play, Photos, Drive, Docs, G Suite, Gmail and more. The infection continues to spread, hitting over 13,000 additional devices daily.
Instead of snatching personal information, attackers opt to install malicious apps from Google Play to generate profits from ad revenue as part of a fraud scheme that purportedly stacks up to $320,000 monthly.
“We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them,” researchers from Check Point further added.
A spokesperson for Google has since said their investigation found no evidence to indicate Gooligan has accessed any sensitive user data. “The motivation… is to promote apps, not steal information.”
The statement further notes that Gooligan is part of a malware family called Ghost Push, which aims to sneak in malicious software that then installs a batch of other malicious apps from the Play store. The list of malware-infested apps includes StopWatch, Perfect Cleaner and WiFi Enhancer.
Google said it has already removed the malicious apps from the Play store and has also taken necessary measures to curb the spread of the infection.
While this isn’t the first time Google has suffered a malware hit, Gooligan is said to be the biggest Android breach on record.
Earlier this year, reports suggested that a vulnerability found in Stagefright, Android’s multimedia library, could put 275 million devices at risk, but it remained unclear how many users were actually breached. Much like with Gooligan, the Big G was quick to release a fix.
In case you suspect your account has been compromised, you can run a quick check-up on Check Point’s website. You can further protect yourself by installing a clean copy of Android on your smartphone as well as resetting your Google account passwords.