ALERT: Police ID driver killed; search for hit-and-run suspect

Nearly one million Android phones infected by hackers

The massive hack appears to be a criminal enrichment scheme.

The massive hack appears to be a criminal enrichment scheme.

NEW YORK — Once again, hackers are showing why you should never, ever download apps outside official app stores.

Hackers have gained access to more than 1.3 million Google accounts — emails, photos, documents and more — by infecting Android phones through illegitimate apps.

That discovery comes from computer researchers at Check Point, a cybersecurity firm. On Wednesday, Google confirmed to CNNMoney the nature and extent of the problem.

The hackers have managed to steal digital “tokens” that give them access to Google services, like a person’s email and photo collection. But according to Google, hackers have not yet tapped that information and stolen it.

The massive hack appears to be a criminal enrichment scheme.

Infected Android smartphones begin to install other, legitimate Android apps — then rate them highly. This fraudulently inflates their reputation, according to Check Point researchers.

Google has already removed the legitimate apps from its official store that have benefited from this ratings conspiracy, according to a blog post by Adrian Ludwig, the company’s director of Android security.

The malware also installs malicious advertising software that tracks users, a potential boon for data-hungry marketers.

Google says it has blocked 150,000 versions of this kind of nasty cyberattack.

But the problem persists. Another 13,000 devices are getting infected and breached daily, according to Check Point researchers who have been tracking this type of cyberattack since last year. They’ve nicknamed the hacking campaign “Gooligan.”

Check Point has set up a website — Gooligan.CheckPoint.com — for people to check if their devices have been hacked. (It requires you to enter your Google email address, gives you a response, and offers the company’s “ZoneAlarm” product.)

Alternatively, Android users could check to see if they have downloaded illegitimate versions of any of the apps listed at the bottom of this article.

Smartphone owners are advised to only download certified computer programs from official repositories. Google has its Google Play store. Apple has its App Store.

But some people insist on visiting unofficial app stores — typically on shady websites — because they offer free, counterfeit versions of popular apps.

“Not surprisingly, a malware, spread in unofficial markets, can create real damage,” said Zuk Avraham, the founder of another cybersecurity firm, Zimperium.

On Tuesday, Google stressed that users should avoid downloading outside of Google Play.

According to Check Point, here’s the list of potentially infected apps:

  1. Demo
  2. WiFi Enhancer
  3. Snake
  4. pev.zvh
  5. Html5 Games
  6. Demm
  7. memory booster
  8. แข่งรถสุดโหด
  9. StopWatch
  10. Clear
  11. ballSmove_004
  12. Flashlight Free
  13. memory booste
  14. Touch Beauty
  15. Demoad
  16. Small Blue Point
  17. Battery Monitor
  18. 清理大师
  19. UC Mini
  20. Shadow Crush
  21. Sex Photo
  22. 小白点
  23. ajy.ics
  24. Hip Good
  25. Memory Booster
  26. phone booster
  27. SettingService
  28. Wifi Master
  29. Fruit Slots
  30. System Booster
  31. Dircet Browser
  32. FUNNY DROPS
  33. Puzzle Bubble-Pet Paradise
  34. GPS
  35. Light Browser
  36. Clean Master
  37. YouTube Downloader
  38. KXService
  39. Best Wallpapers
  40. Smart Touch
  41. Light Advanced
  42. SmartFolder
  43. youtubeplayer
  44. Beautiful Alarm
  45. PronClub
  46. Detecting instrument
  47. Calculator
  48. GPS Speed
  49. Fast Cleaner
  50. Blue Point
  51. CakeSweety
  52. Pedometer
  53. Compass Lite
  54. Fingerprint unlock
  55. PornClub
  56. browser.provider
  57. Assistive Touch
  58. Sex Cademy
  59. OneKeyLock
  60. Wifi Speed Pro
  61. Minibooster
  62. so.itouch
  63. fabullacop.loudcallernameringtone
  64. Kiss Browser
  65. Weather
  66. Chrono Marker
  67. Slots Mania
  68. Multifunction Flashlight
  69. So Hot
  70. Google
  71. HotH5Games
  72. Swamm Browser
  73. Billiards
  74. TcashDemo
  75. Sexy hot wallpaper
  76. Wifi Accelerate
  77. Simple Calculator
  78. Daily Racing
  79. Talking Tom 3
  80. example.ddeo
  81. Test
  82. Hot Photo
  83. QPlay
  84. Virtual
  85. Music Cloud