Android Malware Affects Over 1M Google Accounts

A new variant of Android malware dubbed "Gooligan" is responsible for the biggest single theft of Google accounts on record.

Android 'Gooligan' Malware

According to Forbes, the so-called Gooligan Android malware strain has infected as many as 1.3 million Android smartphones since August. The malware gains complete access to the devices, allowing the hackers to steal the authorization tokens given to users to verify access to their accounts. Security experts believe that the main aim of the hack is not to access data in Docs or Gmail, but rather to force users to download apps. This is all part of a huge advertising fraud scheme that is making as much as $320,000 a month.

How Gooligan Malware Works

Since the start of November, Gooligan has been racking up an average of 13,000 new infections every day, spreading at an alarming rate, according to researchers from Check Point. The malicious software gains its foothold on a device when the user visits a certain website and downloads a third-party app. According to Michael Shaulov, head of mobile and cloud security at Check Point, the infected website could be a third-party app store or a porn site. There, visitors are lured into downloading software in order to get access to content.

Once downloaded, Gooligan launches the appropriate exploits to "root" the device, which gives the attackers complete control over it. The attackers have used long-known vulnerabilities, such as Towelroot and VROOT. According to Computerworld, the Android-based malware targets devices running older versions of Android, such as Android 4.01 through 5.01, including Lollipop, KitKat, and Jelly Bean.

Together, those operating systems account for around 74 percent of Android devices in use today (a total of around 1.03 billion). Most Gooligan infections are in Asia (40 percent), while only 19 percent are in the Americas (mostly in North America). Europe accounts for around 12 percent of Gooligan infections.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
