A new variant of a well-known malware program called ‘Googlian’ has infected more than one million accounts via phones that run older versions of Google’s Android operating system, mostly outside the U.S., according to security firm Check Point.
The android malware Googlian is delivered via apps downloaded from non-approved, third-party app sites. That’s made users outside the U.S., who are more likely to use these sites, more vulnerable than US users. This malware has affected approximately 1,000 users within the United States.
“The Gooligan campaign most heavily affects Android users in Asia. That’s likely because users there rely more on third-party app stores. In the United States, Android users stick to Google Play for apps,” said Check Point spokeswoman Ali Donzanti.
The malware campaign attacks accounts on phones running the Android 4 and 5 operating systems, known as Jelly Bean, KitKat and Lollipop, and according to Check Point Software Technologies, can potentially access information from users’ other Google accounts.
Google said in a blog post that it had found no evidence of other fraudulent activity within affected Google accounts.
The software is part of “GhostPush,” a family of apps that once installed, try to download other apps. Google said that it has been tracking this family of malware since 2014 and so far has detected and prevented the installation of over 150,000 variations of Ghost Push.
Users who buy their apps on the Google Play store are generally safe, Check Point said.
Google said it has contacted affected users, removed apps associated with the problem and added new protections to its Verify Apps technology.
The problem is similar to an issue that surfaced with malware that could affect iPhones running non-Apple approved apps in 2015.