Gooligan Malware Is Infecting More Than One Million Android Devices: Most Are In Asia

Android malware

Google's Android is suffering a massive malware infection. Dubbed "Gooligan", it affects more than one million Android users around the world, with Asia as its ground zero.

The malware, which targets the Android mobile operating system, was first revealed in August 2016. It burrows deep inside mobile devices to steal information from Google's apps such as Gmail, Google Play Store, Google Photos, Google Docs, Google Drive and G Suite.

The malware infects an Android device after the user downloads and installs a Gooligan-infected app from a third-party app store, or after clicking malicious links on the internet. Once installed, the infected app sends data to the malware's server and downloads a rootkit, which gives the attacker control of the infected device.

With more than a million Android devices affected, over 13,000 additional devices are becoming victims each day.

The goal of the malware isn't so much stealing information as generating revenue. With Gooligan, attackers can make the infected device install malicious apps from Google Play, which then generate profits from ad revenue as part of a fraud scheme. Reportedly, the attackers can generate up to $320,000 of revenue each month.

"We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them," said researchers from Check Point, a security firm that first revealed the attack.

A spokesperson for Google has since said their investigation found no evidence to indicate Gooligan has accessed any sensitive user data. "The motivation… is to promote apps, not steal information."

Gooligan

Gooligan is said to be a branch of the Ghost Push malware, which aims to sneak malicious software onto a device and then let the attacker install infected apps from the Play Store.

To stop the spread of the malware, Google said that it has already removed the malicious apps from the Play Store, and has taken the necessary steps to prevent future spread of infections.

This isn't the first time Google and Android have been hit with malware, but Gooligan is seen as the biggest Android breach recorded as of 2016. Previously, the Android vulnerability Stagefright put more than 275 million devices at risk, but it has remained unclear how many users were actually infected.

57 percent of Gooligan-infected devices are located in Asia, 19 percent in America, 15 percent in Africa and 9 percent in Europe.

The reason is said to be that the malware is more dominant on older versions of Android (74 percent of infected devices run Android 4.1 Jelly Bean, Android 4.4 KitKat or Android 5.0 Lollipop). Those older versions still power most Android devices in the region.