So, the rooted devices will then download and install the software that steals authentication tokens, and giving it access to the device owner’s Google-related accounts sans the need to enter the password. These tokens will work on several Google products including Gmail, Google Photos, Google Docs, Google Play, Google Drive and G Suite.
Basically, a Google authorisation token is a way to access the Google account and the related services of a user that is issued by Google. Once stolen by a hacker, they can use this token to access all your Google services.
How to find out if your device is infected
Those who have been downloading apps from sources apart from the official Play Store, and want to check if their account is compromised can do so at this checkpoint.
Check this list of apps, if you have downloaded any one of these then your device is infected.
Gooligan Android malware affects 1 million devices: Here's how to check if your device is infected – Tech2