According to Google, hackers have gained access to more than 1.3 million Google accounts — emails, photos, documents and more — by infecting Android phones through illegitimate apps.
That discovery comes from computer researchers at Check Point, a cybersecurity firm. The hackers have managed to steal digital “tokens” that give them access to Google services, like a person’s email and photo collection. But according to Google, hackers have not yet tapped that information and stolen it.
The massive hack appears to be a criminal enrichment scheme. Infected Android smartphones begin to install other, legitimate Android apps — then rate them highly. This fraudulently inflates their reputation, according to Check Point researchers.
Google has already removed the legitimate apps from its official store that have benefited from this ratings conspiracy, according to a blog post by Adrian Ludwig, the company’s director of Android security.
The malware also installs malicious advertising software that tracks users, a potential boon for data-hungry marketers.Google says it has blocked 150,000 versions of this kind of nasty cyberattack. But the problem persists. Another 13,000 devices are getting infected and breached daily, according to Check Point researchers who have been tracking this type of cyberattack since last year. They’ve nicknamed the hacking campaign “Gooligan.”
Check Point has set up a website — Gooligan.CheckPoint.com — for people to check if their devices have been hacked. (It requires you to enter your Google email address, gives you a response, and offers the company’s “ZoneAlarm” product.)
Alternatively, Android users could check to see if they have downloaded illegitimate versions of any of the apps listed at the bottom of this article. Smartphone owners are advised to only download certified computer programs from official repositories. Google has its Google Play store. Apple has its App Store. But some people insist on visiting unofficial app stores — typically on shady websites — because they offer free, counterfeit versions of popular apps.
“Not surprisingly, a malware, spread in unofficial markets, can create real damage,” said Zuk Avraham, the founder of another cybersecurity firm, Zimperium.
On Tuesday, Google stressed that users should avoid downloading outside of Google Play.
According to Check Point, here’s the list of potentially infected apps: