Nearly one million Android phones infected by hackers

We tried Duo, Google's FaceTime competitor
We tried Duo, Google's FaceTime competitor

Once again, hackers are showing why you should never, ever download apps outside official app stores.

Hackers have gained access to more than 1.3 million Google accounts -- emails, photos, documents and more -- by infecting Android phones through illegitimate apps.

That discovery comes from computer researchers at Check Point, a cybersecurity firm. On Wednesday, Google confirmed to CNNMoney the nature and extent of the problem.

The hackers have managed to steal digital "tokens" that give them access to Google services, like a person's email and photo collection. But according to Google, hackers have not yet tapped that information and stolen it.

android data crack

The massive hack appears to be a criminal enrichment scheme.

Infected Android smartphones begin to install other, legitimate Android apps -- then rate them highly. This fraudulently inflates their reputation, according to Check Point researchers.

Google has already removed the legitimate apps from its official store that have benefited from this ratings conspiracy, according to a blog post by Adrian Ludwig, the company's director of Android security.

The malware also installs malicious advertising software that tracks users, a potential boon for data-hungry marketers.

Google says it has blocked 150,000 versions of this kind of nasty cyberattack.

But the problem persists. Another 13,000 devices are getting infected and breached daily, according to Check Point researchers who have been tracking this type of cyberattack since last year. They've nicknamed the hacking campaign "Gooligan."

Check Point has set up a website -- Gooligan.CheckPoint.com -- for people to check if their devices have been hacked. (It requires you to enter your Google email address, gives you a response, and offers the company's "ZoneAlarm" product.)

Alternatively, Android users could check to see if they have downloaded illegitimate versions of any of the apps listed at the bottom of this article.

Smartphone owners are advised to only download certified computer programs from official repositories. Google has its Google Play store. Apple has its App Store.

But some people insist on visiting unofficial app stores -- typically on shady websites -- because they offer free, counterfeit versions of popular apps.

"Not surprisingly, a malware, spread in unofficial markets, can create real damage," said Zuk Avraham, the founder of another cybersecurity firm, Zimperium.

On Tuesday, Google stressed that users should avoid downloading outside of Google Play.

According to Check Point, here's the list of potentially infected apps:

  1. Perfect Cleaner
  2. Demo
  3. WiFi Enhancer
  4. Snake
  5. gla.pev.zvh
  6. Html5 Games
  7. Demm
  8. memory booster
  9. แข่งรถสุดโหด
  10. StopWatch
  11. Clear
  12. ballSmove_004
  13. Flashlight Free
  14. memory booste
  15. Touch Beauty
  16. Demoad
  17. Small Blue Point
  18. Battery Monitor
  19. 清理大师
  20. UC Mini
  21. Shadow Crush
  22. Sex Photo
  23. 小白点
  24. tub.ajy.ics
  25. Hip Good
  26. Memory Booster
  27. phone booster
  28. SettingService
  29. Wifi Master
  30. Fruit Slots
  31. System Booster
  32. Dircet Browser
  33. FUNNY DROPS
  34. Puzzle Bubble-Pet Paradise
  35. GPS
  36. Light Browser
  37. Clean Master
  38. YouTube Downloader
  39. KXService
  40. Best Wallpapers
  41. Smart Touch
  42. Light Advanced
  43. SmartFolder
  44. youtubeplayer
  45. Beautiful Alarm
  46. PronClub
  47. Detecting instrument
  48. Calculator
  49. GPS Speed
  50. Fast Cleaner
  51. Blue Point
  52. CakeSweety
  53. Pedometer
  54. Compass Lite
  55. Fingerprint unlock
  56. PornClub
  57. com.browser.provider
  58. Assistive Touch
  59. Sex Cademy
  60. OneKeyLock
  61. Wifi Speed Pro
  62. Minibooster
  63. com.so.itouch
  64. com.fabullacop.loudcallernameringtone
  65. Kiss Browser
  66. Weather
  67. Chrono Marker
  68. Slots Mania
  69. Multifunction Flashlight
  70. So Hot
  71. Google
  72. HotH5Games
  73. Swamm Browser
  74. Billiards
  75. TcashDemo
  76. Sexy hot wallpaper
  77. Wifi Accelerate
  78. Simple Calculator
  79. Daily Racing
  80. Talking Tom 3
  81. com.example.ddeo
  82. Test
  83. Hot Photo
  84. QPlay
  85. Virtual
  86. Music Cloud

CNNMoney Sponsors