Google has suffered a significant malware infection that has affected over a million Android users around the world, a security firm has revealed.
Researchers at Check Point Technologies have revealed that a malware, aptly dubbed “Gooligan” has targeted authentication tokens to breach data from several Google-developed software including the likes of Gmail, G-Suite, Drive, Photos, Docs, Google Play and more. The rampaging malware isn’t showing any signs of subsiding either, as researchers point to over 13,000 new devices compromised, every day.
The malware typically affects older Android devices – which still represent a majority of the devices in the market to this day – running on Jelly Bean or Kitkat (Android 4) or Lollipop, Android 5 and its subsequent variants.
These devices total a staggering 74% of all Android devices in use today, with 57% of those devices located in Asia, 19% in the Americas and about 9 % in Europe.
Google authorization tokens are fundamentally the means to access the Google account and the related services of a user. When a user successfully logs into an account, the tokens are issued. In this particular scenario, the authorization tokens were compromised, leaving attackers to access all Google services associated with a user’s account.
Researchers discovered traces of the Gooligan malware code in multiple applications, purporting to be legitimate apps on third-party Android app stores. These stores are particularly popular since they usually provide free versions of paid apps.
For its part, Google has removed a number of malicious applications from the Play store and is already enforcing measures to contain the spread of the infection.
Google claims that the motivation behind the malware was to promote apps rather than steal account information belonging to users.
Still, Check Point researchers have made the damning conclusion in stating:
Gooligan has breached over a million Google accounts. We believe that it is the largest Google account breach to date.
Image credit: Pexels.