More than 1 million Google accounts have been breached by malware, according to the Israel-based security firm Check Point.
The malware, which has been dubbed Gooligan, has been tracked by the firm for over a year. It first appeared in SnapPea, a Windows application which can be downloaded from Cnet. When mobile devices were physically connected to the PC and the SnapPea application, the malware installed fake apps on the device.
Gooligan has also been found on many apps that can be downloaded from third-party Android app stores, which serve as an alternative to Google Play and are extremely popular in Asia. Devices can also be infected when users click on malicious links sent in phishing attacks.
Once the malware is downloaded, it takes advantage of multiple exploits to gain root access to the device. It then steals the user’s email account information, as well as Google authentication tokens, which can be used to gain access to a Google account.
The malware can infect your device with adware. It uses the authentication tokens to download apps from Google Play, where it administers ads through ad servers. It also uses the tokens to leave fake positive reviews on these apps, which look like they were left by the user whose account was hacked. Gooligan fraudulently downloads over 30,000 apps a day.
Check Point has notified Google of the problem, and Google has revoked those tokens that have been hacked and is working on blocking Gooligan-infected apps.
Check Point has also developed a tool to check whether your account has been breached. Simply enter your email address on this page.
If your account has been hacked, Check Point recommends getting a technician to reflash your device (doing a clean reinstall of the operating system), as well as changing your passwords immediately.