That discovery comes from computer researchers at Check Point, a cybersecurity firm. On Wednesday, Google confirmed to CNNMoney the nature and extent of the problem.
The hackers have managed to steal digital “tokens” that give them access to Google services, like a person’s email and photo collection. But according to Google, hackers have not yet tapped that information and stolen it.
The massive hack appears to be a criminal enrichment scheme.
Infected Android smartphones begin to install other, legitimate Android apps — then rate them highly. This fraudulently inflates their reputation, according to Check Point researchers.
Google has already removed the legitimate apps from its official store that have benefited from this ratings conspiracy, according to a blog post by Adrian Ludwig, the company’s director of Android security.
The malware also installs malicious advertising software that tracks users, a potential boon for data-hungry marketers.
Google says it has blocked 150,000 versions of this kind of nasty cyberattack.
But the problem persists. Another 13,000 devices are getting infected and breached daily, according to Check Point researchers who have been tracking this type of cyberattack since last year. They’ve nicknamed the hacking campaign “Gooligan.”
Check Point has set up a website — Gooligan.CheckPoint.com — for people to check if their devices have been hacked. (It requires you to enter your Google email address, gives you a response, and offers the company’s “ZoneAlarm” product.)
Alternatively, Android users could check to see if they have downloaded illegitimate versions of any of the apps listed at the bottom of this article.
Smartphone owners are advised to only download certified computer programs from official repositories. Google has its Google Play store. Apple has its App Store.
But some people insist on visiting unofficial app stores — typically on shady websites — because they offer free, counterfeit versions of popular apps.
“Not surprisingly, a malware, spread in unofficial markets, can create real damage,” said Zuk Avraham, the founder of another cybersecurity firm, Zimperium.
On Tuesday, Google stressed that users should avoid downloading outside of Google Play.
According to Check Point, here’s the list of potentially infected apps:
Perfect Cleaner Demo WiFi Enhancer Snake gla.pev.zvh Html5 Games Demm memory booster แข่งรถสุดโหด StopWatch Clear ballSmove_004 Flashlight Free memory booste Touch Beauty Demoad Small Blue Point Battery Monitor 清理大师 UC Mini Shadow Crush Sex Photo 小白点 tub.ajy.ics Hip Good Memory Booster phone booster SettingService Wifi Master Fruit Slots System Booster Dircet Browser FUNNY DROPS Puzzle Bubble-Pet Paradise GPS Light Browser Clean Master YouTube Downloader KXService Best Wallpapers Smart Touch Light Advanced SmartFolder youtubeplayer Beautiful Alarm PronClub Detecting instrument Calculator GPS Speed Fast Cleaner Blue Point CakeSweety Pedometer Compass Lite Fingerprint unlock PornClub com.browser.provider Assistive Touch Sex Cademy OneKeyLock Wifi Speed Pro Minibooster com.so.itouch com.fabullacop.loudcallernameringtone Kiss Browser Weather Chrono Marker Slots Mania Multifunction Flashlight So Hot Google HotH5Games Swamm Browser Billiards TcashDemo Sexy hot wallpaper Wifi Accelerate Simple Calculator Daily Racing Talking Tom 3 com.example.ddeo Test Hot Photo QPlay Virtual Music Cloud