Anyone running an older version of the Android operating system, be warned: Malware is infecting 13,000 Android devices every day, putting at risk the private details of more than 1 million Google accounts.
That’s according to cybersecurity software company Check Point, which discovered a new piece of malware called “Gooligan” that’s infecting Android phones and stealing email addresses.
Users who download Gooligan-infected apps or click links in phishing messages are being exposed to the malware, which allows attackers to access sensitive information from Google apps like Gmail, Drive, and Photos.
Once attackers hack into the device, they’re buying apps on the Google Play store and writing reviews posing as the phone’s owner, Check Point says.
Anyone who owns a device running Android 4 and 5 — that includes Android Jelly Bean, KitKat, and Lollipop — is most at risk, according to Check Point, and those devices make up nearly 75% of Android users.
Check Point has made an online tool to check if your phone is infected with Gooligan. By typing your Google address into the Gooligan Checker, you can find out if you’ve been hacked.
Security issues on Android are aren’t exactly uncommon, since Android runs on third-party devices that are in charge of their own security and can be slow to update. Back in July, Check Point discovered another breach that affected 85 million Android phones. The devices were infected with malware that was generating $300,000 every month in ad revenue. And in August, hackers began using Google AdSense to target Android users and steal their banking data.
Google did not immediately respond to a request for comment on the latest breach.