The so-called Gooligan strain has infected as many as 1.3 million Android phones since August, completely prising the devices open and stealing the tokens users are given to verify they are authorized to access accounts. Its main aim, though, is not to pilfer all that juicy data in Gmail or Docs, but to force users into downloading apps as part of a huge advertising fraud scheme, making as much as $320,000 a month.

It does not appear the hackers are actually using the account credentials to pilfer user data. Google's Android security chief, Adrian Ludwig, posted a blog about Gooligan today, saying the company had not seen any evidence of other fraudulent activity on the stolen accounts, outside of the promotion of apps. "The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant," said Ludwig. All affected users have been notified and had their account login tokens reset. They've also been provided with clear guidelines on how to login securely, Ludwig added. Apps associated with Ghost Push activity have been removed from Google Play too.

For the whole story read it here at Forbes.com.