Cybersecurity vendor Check Point Software Technologies on Wednesday said its researchers had discovered a breach of more than 1 million Google accounts in a bid by hackers to steal data from mobile devices.
"Hundreds of the exposed email addresses are associated with enterprises around the world," the US-based security vendor said in a statement.
Check Point said the method of attack was a new type of Android malware, which the vendor has named "Gooligan".
The malware is intended to steal email addresses and authentication tokens that are located on Android devices, Check Point said.
According to the company, the infection starts after a user installs an infected app on their Android device or clicks on a malicious link in a phishing email.
The Gooligan malware is targeting devices running Android 4 (Jelly Bean, KitKat) and Android 5 (Lollipop), according to Check Point. Those versions are running about three-fourths of the Android devices currently in use, the security company said.
Google's director of Android security, Adrian Ludwig, wrote on Google+ that Google has "worked closely" with Check Point in recent weeks "to investigate and protect users" from the Gooligan variant.
"We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall," Ludwig wrote. "These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether."
Google responded to a request for comment by referring CRN USA to Ludwig's Google+ post.
The number of affected devices "continues to rise at an additional 13,000 breached devices each day," Check Point said in a blog post.
Check Point said it was offering a free tool at gooligan.checkpoint.com that lets users determine if they've suffered a breach.