Android Malware Infects More than 1M Phones, Adds 13,000 Devices a Day

A new strain of malware has breached more than one million Google accounts, allowing attackers to access data from users’ Google accounts including Gmail, Photos, Docs, Drive, Play and more.

Rather than harvesting data, the attackers seem to be motivated by money, using the malware to crack into devices to install apps and serve up ads.

“After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the [command and control] server,” states a report from Check Point researchers and the Google Security Team.

A similar plot by the HummingBad group netted about $320,000 a month, according to Forbes.

The malware, dubbed Gooligan, can steal a user’s Google authentication token on Androids running Jelly Bean, KitKat and Lollipop. The malware hides in "legitimate-looking" apps that users download from third-party stores or can be downloaded directly through malicious links. The malware also installs adware.

The researchers say Gooligan continues to infect about 13,000 devices a day and they have set up a tool for Google users can check if their accounts have been breached.