Security research teams at Israeli security software provider Check Point Software Technologies have recently uncovered an alarming new Android malware campaign that has breached well over a million Google accounts around the world. The researchers warn that thousands of accounts are being breached every day.
A November 20, 2016 Forbes report about the campaign explains:
A new variant of Android malware is responsible for what’s believed to be the biggest single theft of Google accounts on record. The so-called Gooligan strain has infected as many as 1.3 million Android phones since August, completely prising the devices open and stealing the tokens users are given to verify they are authorized to access accounts. Its main aim, though, is not to pilfer all that juicy data in Gmail or Docs, but to force users into downloading apps as part of a huge advertising fraud scheme, making as much as $320,000 a month.
Android phones get infected with the malware via seemingly legitimate apps downloaded from third-party Android app stores. The criminals also distribute scam messages via SMS that attempt to trick users into clicking links and downloading the malware.
Check Point has launched a service that allows you to quickly find out if your account has been breached by entering the email address associated with your Android device.
You can read a comprehensive report about the Gooligan malware attack on the Check Point Software Technologies website. The report includes a list of fake apps that are infected with the malware. You can check that you do not have any of these bogus apps installed by going to Settings > Apps.