Check Point Software Technologies today revealed a data breach that’s hit an estimated 1 million Google accounts around the world.
Nicknamed “Gooligan,” this new variant of malware has reportedly been targeted at the nearly three-quarters of devices worldwide that run Android 4 (Jelly Bean, KitKat) and 5 (Lollipop).
RELATED: How to see everything Google knows about you
Here’s what you need to know about Gooligan…
How many accounts have been impacted?
Some 1 million accounts are believed to have been hit, according to Check Point. The breach has been happening at a rate of 13,000 devices a day since August.
What does the hack do?
In short, Gooligan steals email accounts and authentication tokens.
Authentication tokens bypass two-factor authentication and make Google think you as a user are already logged in.
Then the hackers can have a field day with access to your Gmail, Google Play, Google Photos, Google Drive, Google Docs and G Suite.
How can you tell if your account has been hacked?
Check Point has set up a free Gooligan Checker tool that lets you enter your email to find out if you’ve been hacked. Check Point says it will not collect, store or use your email address for any purpose other than determining if you’ve been breached or not.
What should I do next if I determine I’ve been hacked?
1. Go to your carrier and ask that your device be “re-flashed.” This process will do a clean install of your operating system.
2. Immediately change your Google account passwords.
What apps might have infected me after I downloaded them?
Check Point says the following apps from third-party Android app stores are the likeliest culprits:
Perfect Cleaner
Demo
WiFi Enhancer
Snake
gla.pev.zvh
Html5 Games
Demm
memory booster
แข่งรถสุดโหด
StopWatch
Clear
ballSmove_004
Flashlight Free
memory booste
Touch Beauty
Demoad
Small Blue Point
Battery Monitor
清理大师
UC Mini
Shadow Crush
Sex Photo
小白点
tub.ajy.ics
Hip Good
Memory Booster
phone booster
SettingService
Wifi Master
Fruit Slots
System Booster
Dircet Browser
FUNNY DROPS
Puzzle Bubble-Pet Paradise
GPS
Light Browser
Clean Master
YouTube Downloader
KXService
Best Wallpapers
Smart Touch
Light Advanced
SmartFolder
youtubeplayer
Beautiful Alarm
PronClub
Detecting instrument
Calculator
GPS Speed
Fast Cleaner
Blue Point
CakeSweety
Pedometer
Compass Lite
Fingerprint unlock
PornClub
com.browser.provider
Assistive Touch
Sex Cademy
OneKeyLock
Wifi Speed Pro
Minibooster
com.so.itouch
com.fabullacop.loudcallernameringtone
Kiss Browser
Weather
Chrono Marker
Slots Mania
Multifunction Flashlight
So Hot
Google
HotH5Games
Swamm Browser
Billiards
TcashDemo
Sexy hot wallpaper
Wifi Accelerate
Simple Calculator
Daily Racing
Talking Tom 3
com.example.ddeo
Test
Hot Photo
QPlay
Virtual
Music Cloud
What has Google’s response been?
“We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues,” said Adrian Ludwig, Google’s director of Android security. “As part of our ongoing efforts…we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”
You can read more in Ludwig’s new blog post here.