Asia is ground zero for malware infections dubbed "Gooligan" and aimed at Android operating systems, with the majority of the million Google accounts breached since August located there, researchers said.
The malware burrows in to mobile devices running on Android and steals information from Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite, researchers from Check Point Software Technologies said.
Attackers can also generate revenue by installing apps from Google Play on infected phones.
The malware infects a device after a user downloads and installs a "Gooligan"-infected app on third-party app stores, or when users accidentally click on malicious links in phishing attacks. After the infected app is installed, it sends data about the device to the malware's main server and downloads a rootkit, which enables the attacker to gain control of the mobile device.
"This theft of over a million Google account details is very alarming and represents the next stage of cyber-attacks," Michael Shaulov, Check Point's head of mobile products. said.
"We are seeing a shift in the strategy of hackers, who are now targeting mobile devices in order to obtain the sensitive information that is stored on them."