A malicious virus called Gooligan based on Android app was found to hack about one 1 million Google accounts, hundreds of them were associated with enterprises.

The technicians of Check Point called this virus as Gooligan. It was spread via the repacks of apps from third party app market. So far, 86 apps are found to be embedded this virus.

Once users install those apps, this virus can access root authority of all Android 4.x devices or some Android 5.x devices.

The virus can control the mobile devices once it access the root authority, including silent installation application, stealing of applications passwords, obtaining screen-shots and visiting owners Google account or other accounts, or making positive comments on others apps on Google Play.

Andrian Ludwig, Android security director, stated on his blog that it teamed up with Check Point. It is not confirmed whether those infected accounts have been stolen or not. It indicated that the overall Google security system works as usual at present. Users can two-step verifications to have their accounts safer. In the meantime, Google is set up with verified process in its latest version, and scan all kinds of apps installed in mobiles regularly to compare with the ones on Google Play. The system will pop up warnings once it found users installed the copy cat apps.

Gooligan is a variant of Ghost Push which found in September of 2015. There is no app infected with Gooligan on Google Play store. The research showed that 57% of infected devices were from Asia, 19% were from United States and 9% were from Europe.