Researchers at security firm Check Point Software Technologies have discovered a family of Android malware that has already compromised over 1 million Google accounts, hundreds of them associated with enterprise users.
Gooligan, as this malware was called, was discovered in at least 86 apps available on third-party marketplaces. Once installed, Gooligan initiates a root process of the operating system to gain privileged access to Android devices running versions 4 (Ice Cream Sandwich, Jelly Bean, KitKat) and 5 (Lollipop) of the operating system. That is approximately 74 percent of users.
Affected phones or tablets then download software that steals the authentication keys that allow the phone to connect to the user's Google accounts – such as Gmail, Google Photos, Google Docs, Google Play, Google Drive.
Check Point company published here a list of infected applications.
Google also recommends enabling the app verification service, available in the Android operating system:
