Malware has breached over 1 million Android devices

Infected apps reach an estimated 13,000 new devices every day
Google's Nexus 4 was one of the company's many Nexus devices, meant to be a sort of flagship phone for Android users. (Image: Creative Commons / Wikipedia)


Security research firm Check Point Software yesterday revealed a security breach that could affect more than one million Android devices worldwide. Known as Gooligan, the program gains access to authentication information for Google services, including Gmail, Google Drive, Google Photos and Google Docs, among others.

Devices running Android versions 4 (a.k.a. Jelly Bean and KitKat) and 5 (a.k.a. Lollipop) are at risk. Currently that accounts for more than 74 percent of all active devices, about 19 percent of which are in the U.S.

The Gooligan malware infects phones by hiding in apps that appear totally legit and tempt users further because they’re free. These apps live in third-party app stores (i.e. outside the Google Play Store), but Check Point says that many users also download them by clicking on phishing links in emails and text messages. Once the malicious software is installed, it sends key device data to Gooligan, allowing it to root the device and gain near-complete control over its operations.

At this point, Gooligan becomes especially sneaky. It downloads its own control module onto the device, which mimics user behavior, making it difficult to detect and allowing it to swipe authentication information and install apps and adware. By doing this, Gooligan is actually able to artificially bump up the ratings of its malicious apps, further tempting users to download them and enter the vicious cycle. (Suspect apps are listed in Appendix A on the Check Point blog.)

In a blog post published Tuesday, Google assured users that the company’s security team has worked closely with Check Point in their investigation of the Gooligan malware. According to the post, the security team has been working on measures to protect users from what it terms “Ghost Push” apps, which are most often downloaded outside the Google Play Store and work to install malicious software on their own post-download.

To check if your account is breached, visit gooligan.checkpoint.com. If your credentials are among those compromised, Check Point suggests a clean installation of your operating system. Cleanly installing (or “flashing”) a device is a long, multi-step affair, so you may want to head to your service provider for help. Once that’s done, reset your Google account password(s).

While you’re already in the process of resetting, make sure to create an iron-clad password. Consult Google’s own tips for creating strong passwords, or take it directly from net-security expert Brian Krebs.

 
