1 million Android devices have been affected by Gooligan; Here is a tool to check your Google account if it's one of them

A Gooligan infection starts with downloading an infected app from a third-party app store. Gooligan is a variant of Ghost Push, which Google has been aware of since last year. It only works on versions of Jelly Bean, KitKat, and Lollipop—all newer versions are patched. Upon being installed by the user, it downloads a root exploit like Towelroot to gain full access to the device. The malware copies the user's account token and sends it to a remote server, giving the malware authors full access to the account data.

Information from Android Police and Business Insider. Click on respective link for additional information.