More than a million Google accounts have been hit by malicious software, a security firm said Wednesday.
Check Point said in a blog post that the attack campaign, known as Gooligan, is expanding to an additional 13,000 devices a day. The malware steals authentication tokens that can be used to access Google Play, Gmail, Google Photos, Google Docs, G Suite and Google Drive.
Gooligan features a Trojan horse type of attack, in which the malicious software poses as legitimate apps for Android smartphones and tablets. Names of the malicious apps include StopWatch, Perfect Cleaner and WiFi Enhancer, according to the Wall Street Journal. Once installed, these apps automatically install other apps, some of which can steal user names and passwords to post fake reviews of products.
Google responded to a request for comment with a link to its blog post about the attack. In the blog post, Google said it has found no evidence that Gooligan has accessed user data or that specific groups of people have been targeted. “The motivation…is to promote apps, not steal information,” Google said.
Check Point said Gooligan is a variant of an Android malware campaign found by researchers in the SnapPea app last year.
People who are worried that their Google accounts may be compromised can check on the Check Point website.
First published November 30 at 8:47 a.m. PT.
Update, 9:37 a.m. PT: Comment from Google added.