One Million Google Accounts Has Been Leaked By Android Malware!


One Million Google Accounts Has Been Leaked By Android Malware!

If you needed yet another reminder not to install untrusted applications without fully knowing where they come from, here it is: some of the researchers with Check Point SoftwareTechnologies recently published details on new Android malware named “Gooligan” that has compromised more than 1 million Google Accounts. Check Point said that figure is increasing by an additional 13,000 accounts as users continue to download infected applications.

Besides, Snap Point traced Gooligan’s roots back to an app named “SnapPea,” which it identified as malware last year. It has since popped up in “dozens of legitimate-looking apps on third-party Android app stores,” the research firm explained. Third party app stores aren’t controlled by Google, which is why Google always recommends its users download applications from Google Play, where they can be scanned for malware and other issues.


Recently, a device has been infected by Gooligan is potentially granting access to data stored in any of Google’s applications including Google Docs, Google Drive, Google Photos, Gmail and Google Play. Based on Check Point, 57 percent from the majority infected accounts are in Asia. While 19 percent of accounts originate in the Americas, 9 percent are infected in Europe and 15 percent of affected accounts are in Africa.

Other than that, attackers get more private data which they can actually turn your Android device into a money-making machine. Check Point said attackers will first steal your account and authentication token information, and then use your credentials to install adware that ends up generating revenue. They also use infected accounts to “install apps from Google Play and rate them to raise their reputation.”

Check Point also said it believes this is the “largest Google Account breach to date” and said it has alerted Google to the problem. “We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues,” Google’s director of Android security Adrian Ludwig told the researchers. “As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”

In addition, Check Point has a tool that allows you to check if your account is affected, so be sure to run yours through it (it was down at the time of publication, sadly enough, but be sure to check back.) Hit the source for more information, including a full list of apps that are infected with Gooligan.