Malicious Android Apps Have Taken Over More Than 1M Google Accounts

Image courtesy of

Is there something lurking in your phone that shouldn’t be? Malware designed to look like real Android apps has taken control of more than a million Google accounts since August, according to a new report from security researchers.

According to Check Point, the new malware campaign, Gooligan, has been busy breaching accounts since August, slipping in under the radar with names like StopWatch, Perfect Cleaner, and WiFi enhancer.

Gooligan is infecting 13,000 devices every day, Check Point says, targeting devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which amounts to about 74% of Android devices out there. It’s installing at least 30,000 fake apps on breached devices, every day, or more than two million apps since the attacks started.

Using stolen information like email addresses and authentication tokens, attackers can gain access to users’ sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” said Michael Shaulov, Check Point’s head of mobile products. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”

Check Point says it alerted Google immediately when it realized what was happening.

“We appreciate Check Point’s partnership as we’ve worked together to understand and take action on these issues. As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” stated Adrian Ludwig, director of Android security, Google.

If you’re worried about your account, Check Point has a free online tool that will tell you if your device has been breached. If so, you’ll need to reinstall your operating system, Check Point says.

“This complex process is called flashing, and we recommend powering off your device, and approaching a certified technician or your mobile service provider, to re-flash your device,” said Shaulov.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.