A new wave of Android malware spread through apps from third-party app stores has affected up to one million users of older Android phones, according to a new report from security company Check Point. The malware, dubbed Googlian, has been designed to steal Google credentials from affected devices.
Users of older Android phones can use a Check Point online tool to find out whether their account was compromised by the malware.
Googlian is able to take over infected devices by bypassing key security measures, a process that’s also known as rooting. It can then access a user’s Google login information, which could theoretically be used to access that user’s email account and other personal information. However, Google’s director of Android security Adrian Ludwig said Wednesday that there’s no evidence that Googlian has actually been used to steal personal information.
Instead, the malware seems to have been designed to boost app downloads on Google Play, and rate apps — something that’s likely being sold as a service to app developers looking to improve their standing on the app store. Ludwig said that Google has removed apps that benefited from these automated installs from Google Play.
This isn’t the first time that Android users are being targeted by this kind of vulnerability. Similar exploits have been in circulation since 2014, and Google has been trying to clamp down on the phenomenon through technical means, and by urging users to only install apps from Google Play.
However, in some cases, users simply don’t have a choice than to go elsewhere. Third-party app stores are especially popular in regions where popular apps aren’t officially available, or in countries like China where users don’t have access to Google Play at all. Check Point reported Wednesday that 57 percent of all devices infected are located in China.