If you tend to download apps from places other than the Play Store, your Google account might be compromised. Researchers at the security firm Check Point Software Technologies have uncovered a piece of malware that seeks to root your device in order to gain access to your precious Google account.

But the so-called Gooligan Trojan Horse isn’t after your credit card information or contacts list. Rather, the scheme is an old-fashioned money-making one. Once it has broken into your account, the malware proceeds to download apps from Google Play on your device and give them high marks and positive reviews on your behalf. Additionally, it may install adware on your phone that manifests itself in the form of intrusive pop-ups.

At least 1 million accounts have been affected by the Gooligan attack, and Check Point is seeing some 13,000 new devices infected each day, primarily ones running Jelly Bean, KitKat and Lollipop. Phones running Marshmallow (6.0) or Nougat (7.0, 7.1) appear to be immune.

While this particular strain might be new, the vulnerability itself is old hat. Gooligan is essentially a variant of Ghost Push, which Google has been working for the better part of two years to tackle. And rest assured, the company is already investigating the new strain with Check Point to protect future users from being infected. As Adrian Ludwig, lead engineer for Android security, noted on his Google+ blog, Google is constantly working to make sure malware campaigns like Gooligan don’t happen in the future:

“We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall. These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.”

PCWorld