A new Android malware has managed to steal access to more than 1 million Google accounts, and it continues to infect new devices, according to security firm Checkpoint.
“We believe that it is the largest Google account breach to date,” the security firm said in Wednesday blog post.
The malware, called Gooligan, has been preying on devices running older versions of Android, from 4.1 to 5.1, which are still used widely, especially in Asia.
[Related: Best phone of the year 2016]
Gooligan masquerades as legitimate-looking Android apps. Checkpoint has found 86 titles, many of which are offered on third-party app stores, that contain the malicious coding.
Once Gooligan is installed, it attempts to root the device, as a way to gain full control. The malware does this by exploiting well-known vulnerabilities in older versions of Android.
“These exploits still plague many devices today because security patches that fix them may not be avai