More than a million Android smartphones have been affected by “Googlian”, a new variant of malware, according to a report by a security firm. This security breach is believed to be the single largest theft of data of Google accounts on record.

“Our research exposes how the malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more,” Check Point Software Technologies said in its report. A team from the security firm is working with Google to investigate the source of Gooligan.

The malware had targetted devices that run on Android 4 (Jelly Bean and KitKat) and Android 5 (Lollipop), which constitute more than 74% of the Google handsets in the market. According to Check Point, 57% of the affected phones were in use in Asia, while about 9% of them were in Europe.

The firm’s head of mobile products, Michael Shaulov, told AFP: “This theft of over a million Google account details is very alarming and represents the next stage of cyber attacks.”

According to the report, the infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. The malware’s aim is to force users to download apps as part of an advertising fraud scheme. “Logs collected by Check Point researchers show that every day, Gooligan installs at least 30,000 apps fraudulently on breached devices or over 2 million apps since the campaign began,” the report explained.