Asia is ground zero for infections by malware dubbed “Gooligan,” which targets the Android operating system, with the majority of the million Google accounts breached since August located there, researchers said.
The malware burrows into mobile devices running Android and steals information from Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite, researchers from Check Point Software Technologies said.
Attackers can also generate revenue by installing apps from Google Play on infected phones.
The malware infects a device after a user downloads and installs a “Gooligan”-infected app from a third-party app store, or when a user accidentally clicks on a malicious link in a phishing attack. After the infected app is installed, it sends data about the device to the malware’s main server and downloads a rootkit, which enables the attacker to gain control of the mobile device.
“This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks,” Michael Shaulov, Check Point’s head of mobile products, said.
“We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.”
Google did not immediately respond to a request for comment.
About 57 percent of the affected devices are found in Asia, while 9 percent are in Europe. Another 15 percent of breached devices are in Africa and 19 percent are in the Americas.
“The malware is more dominant in the older version of Android, namely 4 and 5. Though we can’t say for sure why, some sources say the older Android versions are still pretty prevalent in Asia,” Steve McWhirter, vice president of Asia, Middle East and Africa at Check Point Software Technologies, told CNBC.
The malware targets mobile devices running the earlier operating systems Android 4.1 Jelly Bean, Android 4.4 KitKat and Android 5.0 Lollipop, which together make up 74 percent of the devices in the market.
Android device users who suspect their account might have been hacked will need to go through a process called “flashing,” which can be done by mobile service providers or a certified technician, Check Point Software Technologies said, adding that Google account passwords should be changed immediately after “flashing.”