Targeting android devices, the Gooligan malware attack has infected more than a million Google accounts and growing by 13,000 new users a day.
It affects devices that run android 4 (Jelly Bean, KitKat) and android 5 (Lollipop), according to Check Point.
The malware spreads via apps from third-party app stores and malicious links in phishing attack messages. It downloads a rootkit to steal authentication tokens to breach data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other programs, CNET reports.
It also installs app that can steal users’ account information to post fake ratings and reviews to raise the profile of these apps.
However, CNET referred Check Point website for checking if any account is hacked. As soon as user enters email address, it will immediately let him/her know if the account has been breached.
Users can also scroll to the bottom of blog post from Check Point to see a list of dozens of apps known to be infected by Gooligan. To check if these apps were installed on device, user may go to Settings > Apps for an alphabetical list.
What if account is hacked
User needs to wipe his/her android device and perform clean installation if the account has been breached. Then, s/he will need to change the password for Google account used with the device.