In yet another setback to Google’s Android which has been facing public ire for its security vulnerabilities, a malicious software, Gooligan, designed to attack Android smartphones, has breached the accounts of more than a million Google users – thought to be the largest Google account breach to date.
According to a report by Check Point Software Technologies, Gooligan malware targets devices running Androd 4.0 and 5.0, which represent nearly 74 per cent of Android devices.
The report further claimed that Gooligan attacks can steal email addresses and authentication data stored on the devices to access sensitive data from Gmail, Google Photos, Google Docs and other services.
Moreover, the software is affecting some 13,000 devices per day and 57 per cent of the hacked accounts are in Asia, 19 per cent are in America and 9 per cent are located in Europe.
“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks. We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them,” said Michael Shaulov, Check Point’s head of mobile products.
Attackers, via Gooligan, can gain control over the device and generate revenue by fraudulently installing apps from Google Play and rating them on behalf of the user.
The security firm recommends that users who have been compromised do a clean install of the OS via "flashing," which it says "is a complex process."
Check Point added, "we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be ‘re-flashed’.'"