Many breached accounts are associated with enterprises around the world, according to Check Point's data.
The Gooligan variant is infecting an estimated over 13,000 new devices every day, most of which are in Asia. It is delivered through infected apps when they are installed on an Android device, and also by malicious links that unsuspecting victims open.
Gooligan targets devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which represents about 74% of Android devices in use.
In addition to stealing e-mail addresses and authentication tokens, it also fraudulently downloads and rates apps from Google Play to the victim's devices. Check Point estimates that around 30,000 apps are fraudulently installed on devices every day by the malware.
If you suspect you might be a victim, you can use Check Point's free online tool to check your e-mail address against known breached accounts.
Google has been informed of the malicious software and already has taken action to protect vulnerable users, including revoking authentication tokens.
Source: Check Point