More than a million Google accounts today have been hit by a malware, said a security firm yesterday on Wednesday.
The attack campaign known as Gooligan, is infecting more and more devices with malware every day, with 13,000 each day to be more specific.
The malware steals the infected device’s authentication tokens to breach data from Google apps such as Google Play, Gmail, Google Docs, Google Drive and other apps.
But the purpose of this malware is not to steal your personal data. It is to force users to download apps that are a part of an advertising fraud scheme that makes up to $320,000 a month, Michael Shaulov, head of the mobile security at Check Point, told Forbes.
The Malicious Apps
Gooligan works like the Trojan Horse virus.
Just like the Trojan Horse virus, the malicious software disguises itself as a legitimate Android app for phones and tablets.
Some of these malicious apps are StopWatch, Perfect Cleaner and Wi-Fi Enhancer. When you install these apps, they automatically install others apps, some of them can even steal your username and passwords to write up and post fake reviews.
The downloads and reviews from these apps feed into the hackers’ ad fraud scheme. The hackers run ads in those malicious apps, and each click on those ads means more money for them.
These apps are not found on Google Play store, where the company has more authorisation over apps, but from third party stores and websites. But some of these apps that the malicious apps forcibly download can be found on the Play store.
Google said that they have removed those apps.
The Damage Inflicted
Apparently Gooligan affects devices which run on Android 4 or 5 (Jelly bean, Kit Kat, Lollipop). 74% of total devices around the world run on this Android version. Most of them are around in Asia while only a few of them are in Europe.
Users are strongly advised to download trusted anti-virus apps to protect themselves and not download unauthorized and suspicious apps from third party stores and websites.