Android malware Gooligan grabs 1.3 mln Google accounts to install unwanted apps

An Android malware targeting Google accounts has infected 1.3 million phones since August, forcing the devices to open and download a large number of unwanted apps, a U.S.-based internet security firm reported recently.

According to researchers from Check Point, a firm headquartered in California, the malicious software dubbed Gooligan first gets into a phone when a user visits a website and downloads a third-party app, and then sneakily controls the user's Google account.

Check Point researchers have uncovered 1.3 million real Google accounts by locating the hacker's server and reported the situation to Google already.

The Gooligan's aim is to expand an advertising fraud campaign, the security firm pointed out, explaining that the malware works to force Android devices to download apps and give positive reviews to those apps.

Meanwhile, the hackers can earn money from each download and click to the ads inserted in the apps.

The security firm reported that as many as 30,000 apps were being downloaded each day by infected phones, reaching a total of 2 million so far.

Check Point and Google have coordinated to tackle this issue by releasing a free tool to check for infection, publishing a list of apps containing the Gooligan virus, and removing apps related to this issue from affected devices.

Andrian Ludwig, Google's lead engineer for Android security, said Gooligan is a variant of Ghost Push that Google found a year ago.

"The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant," said Ludwig. Endi