The ‘Gooligan’ strain of Android malware is reportedly now responsible for a record number of Google account thefts. As many as 1.3 million Android phones may have been infected since August. The goal may not be just theft of accounts, however. The thieves want users to download apps that make money in an advertising scheme via fake positive reviews.

According to researchers at Check Point, Gooligan is spreading to 13,000 new devices each day. It gets in when users visit a site or download a third-party app. The malware then roots the device, and then it takes over the person’s Google account token which will give the thieves access to Gmail and other Google apps data.

Those devices that are particularly vulnerable include those running Android 4 through 5 (Jelly Bean, KitKat and Lollipop). For now, most infections are in Asia, but 19 percent may be in America and 12 percent in Europe.

Google hasn’t confirmed there is any evidence of fraudulent activity on the stolen accounts. It is worth noting that previous leaks of Google account theft have proven false, in the end. But Check Point has issued a free Gooligan Checker. Gooligan appears to have started infecting phones as far back as June 2015, according to Forbes.

Google recommends you keep devices up to date with security patches. If a system image is available, a reinstall can completely remove an infection. The company is also actively working to remove related, nefarious apps from the Google Play store. The company says it has already contacted all users known to be affected.