Android malware that installs fake apps has already breached more than a million Google personal accounts and continues to infect smartphones around the globe at the rate of 13,000 a day, a cyber security firm said on Wednesday.
The malware, nicknamed "Gooligan," takes advantage of vulnerabilities in the Android operating system to install other malicious software which can grab users' email addresses and authentication tokens, along with Gmail, Google Photos and Google Drive, reported CBS News.
Gooligan makes money by fraudulently installing apps from Google Play and rating them as if phone users had. The malware is believed to install at least 30,000 fake apps daily on breached devices.
CNBC reported that 57 percent of Gooligan-affected devices are in Asia, nine percent in Europe, 19 percent in the Americas and 15 percent in Africa.
"This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks," said Michael Shaulov, head of mobile products for Check Point Software Technologies. "We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them."
Check Point said the malware infects 13,000 devices daily and targets devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which represent almost 74 percent of devices used currently.
"If your account has been breached, a clean installation of an operating system on your mobile device is required," said Shaulov. "This complex process is called flashing, and we recommend powering off your device, and approaching a certified technician or your mobile service provider, to re-flash your device."
Adrian Ludwig, Google's director of Android security, said the goal of the malware is to promote ads and there has been no evidence so far that specific groups were targeted.
"… This variant used Google credentials on older versions of Android to generate fraudulent installs of other apps," Ludwig said. "… As always, we take these investigations very seriously and we wanted to share details about our findings and the actions we've taken so far."
Ludwig said Google deployed Verify Apps to protect users from "offending apps" in the future, removed apps associated with what it calls a "Ghost Push" from Google Play, revoked affected Google Account tokens, and provided instructions so users can safely sign back in.