Google has said it's working hard in the fight against Ghost Push, or "Gooligan" Malware which has achieved additional exposure recently.

Ghost Push tried to get users to install more Android apps that are in effect malware. Users are likely to fall foul by installing outside of the Play store, but once the malware is on the system it will carry out its deeds. Reports suggest as many as 13,000 devices per day are becoming impacted.

Here's Google's take on this.
[plus.google.com...]

No evidence of user data access: In addition to rolling back the application installs created by Ghost Push, we used automated tools to look for signs of other fraudulent activity within the affected Google accounts. None were found. The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant.

Here's the report from Forbes which make sit sensationalist.

A new variant of Android malware is responsible for what’s believed to be the biggest single theft of Google accounts on record. The so-called Gooligan strain has infected as many as 1.3 million Android phones since August, completely prising the devices open and stealing the tokens users are given to verify they are authorized to access accounts. Its main aim, though, is not to pilfer all that juicy data in Gmail or Docs, but to force users into downloading apps as part of a huge advertising fraud scheme, making as much as $320,000 a month. Android 'Gooligan' Hackers Just Scored The Biggest Ever Theft Of Google Accounts [forbes.com]