A new malware campaign dubbed “Gooligan” has resulted in the breach of more than 1 million Google accounts — with 13,000 new victims added to the list every day, according to IT security company Check Point.
The Malware targets Android smartphones and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Docs and more.
Infections are the result of users who have unwittingly downloaded “illegitimate apps,” according to a CNN Money report. Check Point provides a list of apps tied to the attack in the “Appendix A” section of its report on Gooligan.
Gooligan infects devices running Android 4 and Android 5, which make up about 74 percent of in-market devices, according to Check Point.
The source of the Gooligan attack remains unknown, although Check Point says it is working with Google to get to the bottom of the scheme.
In the meantime, Check Point has created a website that can help you to determine whether your account has been compromised.
If you are at risk, you will need to perform a clean installation of your operating system – which Check Point acknowledges is a “complex process” best performed by professionals – before changing your Google account passwords.
CNN Money reports that the Gooligan attack underscores the importance of downloading apps only from official stores — the Google Play store for Android and Apple’s App Store for iPhone.
That advice might fall on deaf ears in some cases. According to CNN:
Some people insist on visiting unofficial app stores — typically on shady websites — because they offer free, counterfeit versions of popular apps.
For more on keeping your phone safe, check out “6 Ways to Keep Your Smartphone Safe From Hackers.”
How do you keep your smartphone secure? Share your advice by commenting below or on our Facebook page.