Named Gooligan, the malware is said to have "rooted through Android devices and stolen email addresses and authentication tokens stored on them", allowing attackers to access users' sensitive data on Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite.

“This theft of over a million Google account details is very alarming and represents the next stage of cyberattacks,” said the company's mobile products head Michael Shaulov in a press release. “We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them.” 

(Read also: Live-streaming viewers exposed to malware, data theft: Study)

Gooligan reportedly infected 13,000 devices each day (in which around 40 percent located in Asia and 12 percent in Europe), targeting Android Jelly Bean, KitKat and Lollipop (which means nearly 74 percent of Android devices in use today) and installed at least 30,000 apps on breached devices every day. 

The infection is said to begin "when a user downloads and installs a Gooligan-infected app on a vulnerable Android device, or is clicking on malicious links in phishing attack text messages". 

Following the news, Google said it had taken action on the matter, which included contacting affected users and revoking their tokens and removing apps associated with the Ghost Push family from Google Play. (fmn/kes)

Popular

Decline in Indonesia’s press freedom alarming

Govt suspends Sam Altman’s biometric identity project over legal concerns

Jakartans rush to join ‘orange troops’ amid job scarcity