Android users warned as 1.3 million phones are infected with account-stealing virus

A mass hacker attack against Android phones has given hackers access to 1.3 million Google accounts – with email, photos and documents.

New victims were being infected at a rate of 13,000 a day, cybersecurity company Check Point warned.

The attack – known as Ghooligan – is spread via illegitimate apps downloaded from outside official stores such as Google Play.

Hackers stole digital ‘tokens’ which could be used to break into people’s email – although so far, infected phones have just been used to download other apps and give them good reviews on other app stores.

The ratings ‘boost’ allowed cybercriminals to sell apps – making large sums of money.

Check Point’s Michael Shulov said, ‘They were able to get to the lowest level of the Android operating system where there are no limitations on what the malware can do, and then they went after these account files. It’s probably the biggest ever security breach of Google accounts.’

MORE: Let women drive says Saudi prince as he calls for end to ‘unjust’ ban

MORE: Police find pranksters dressed up in animal costumes while looking for a mountain lion

Google’s Adrian Ludwig said in a blog post that hackers had not accessed account details on any infected devices.

Ludwig said, ‘We’ve deployed Verify Apps improvements to protect users from these apps in the future. Even if a user tries to install an offending app from outside of Play, Verify Apps has been updated to notify them and stop these installations.

‘We revoked affected users’ Google Account tokens and provided simple instructions so they can sign back in securely. We have already contacted all users that we know are affected.’