Google has fallen victim to a massive malware attack affecting more than one million Android users around the world.
The attack campaign known as Gooligan “continues to rise at an additional 13,000 breached devices each day,” according to the Check Point Research Team, a cybersecurity firm that first discovered the extensive hack.
It is the largest theft of Google data in history, reports Forbes.
While the majority of accounts affected are in Asia, Check Point estimates that 19 percent of those infiltrated are in the Americas. (RELATED: Thought Changing Your Password Kept You Safe? You’re Wrong)
Rather than directly stealing personal information, cybercriminals nabbed authentication credentials by installing malicious apps in third-party stores for Android which then grants them access to data from other apps directly on the phone system like Google Play, Google Photos, Google Docs, Google Drive, Gmail and many others.
But the scheme may not be just to gain access to data.
The fraudsters are getting users to install these apps, which has garnered around $325,000 a month, according to Forbes.
“In our research we identified tens (sic) of fake applications that were infected with this malware,” Check Point describes in its official blog post. “We found traces of the Gooligan malware code in dozens of legitimate-looking apps on third-party Android app stores. These stores are an attractive alternative to Google Play because many of their apps are free, or offer free versions of paid apps.”
The security of these stores and the various apps available to download aren’t always verified. Apps can also become infected when unsuspecting users click on infected links, also known as phishing scams. (RELATED: Use Cloud Sharing? More Than 68 Million People Were Hacked)
“Check Point reached out to the Google Security team immediately with information on this campaign,” Check Point explained on its own official blog post. “Our researchers are working closely with Google to investigate the source of the Gooligan campaign.”
Google claims that there is “no evidence of user data access” as well as no evidence of targeting, according to Adrian Ludwig, its director of Android security.
Send tips to eric@dailycallernewsfoundation.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.