A new, dangerous Android malware known as “Goldoson” has made its way onto the Google Play Store, infecting 60 legitimate apps with a total of 100 million downloads.
Beware of Infected Apps
The harmful Goldoson component is part of a third-party library that all sixty apps use and that their developers unintentionally included in their applications. Among the popular apps affected by this malware are L.POINT with L.PAY, Swipe Brick Breaker, Money Manager Expense & Budget, and GOM Player. According to McAfee’s research team, which discovered Goldoson, the malware can collect data about installed apps, WiFi and Bluetooth-connected devices, and the user’s GPS location. Goldoson can also commit ad fraud by clicking adverts in the background without the user’s knowledge.
How Goldoson Operates: A Closer Look
When a user runs a Goldoson-containing app, the library registers the device and obtains its configuration from an obfuscated remote server. The configuration specifies which data-stealing and ad-clicking functions Goldoson should perform on the infected device, and how frequently.
Every two days, the data collection mechanism kicks in, transmitting a list of installed apps, geographical location history, MAC addresses of devices connected via Bluetooth and WiFi, and other information to the C2 server. The amount of data collected is determined by the permissions granted to the infected app during installation as well as the Android version.
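The two-day upload cycle described above is something a defender can look for in proxy or DNS logs. The following is an added example, not code from McAfee or from the original article: it flags device and host pairs whose requests are consistently about two days apart. The log format, device names and `example.invalid` hosts are constructed for illustration, and it assumes the periodic upload goes to a host the device does not otherwise contact.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines (timestamp, device, destination host); not real traffic.
SAMPLE_LOG = """\
2023-04-01T03:10:00 phone-a cfg.example.invalid
2023-04-03T03:12:30 phone-a cfg.example.invalid
2023-04-05T03:09:10 phone-a cfg.example.invalid
2023-04-07T03:15:00 phone-a cfg.example.invalid
2023-04-01T09:00:00 phone-b news.example.invalid
2023-04-01T09:20:00 phone-b news.example.invalid
2023-04-04T18:00:00 phone-b news.example.invalid
2023-04-02T08:00:00 phone-a mail.example.invalid
2023-04-02T20:00:00 phone-a mail.example.invalid
"""

def parse(log_text):
    """Group request timestamps by (device, host)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, device, host = parts
        seen[(device, host)].append(datetime.fromisoformat(ts))
    return seen

def find_periodic(log_text, period=timedelta(days=2),
                  tolerance=timedelta(hours=1), min_hits=3):
    """Return (device, host) pairs whose consecutive requests are all ~period apart."""
    flagged = []
    for key, stamps in parse(log_text).items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Require several hits so a single coincidental gap is not flagged.
        if len(stamps) >= min_hits and all(abs(g - period) <= tolerance for g in gaps):
            flagged.append(key)
    return sorted(flagged)

if __name__ == "__main__":
    for device, host in find_periodic(SAMPLE_LOG):
        print(f"{device} contacts {host} on a two-day cycle")
```

Because the interval comes from the remote configuration, `period` and `tolerance` are parameters rather than fixed values.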
Google Takes Action, but Danger Lurks
McAfee, as a member of the Google App Defense Alliance, assists in keeping Google Play free of malware and adware threats. The researchers reported their findings to Google, and the developers of the affected apps were notified as well.
Many of the impacted apps were cleaned up by their developers, who removed the harmful library, while the apps of non-responsive developers were removed from Google Play for violating the store’s policies.
Users who downloaded an impacted app from Google Play can mitigate the risk by installing the most recent available update. However, Goldoson is also present in apps on third-party Android app stores, where there is a significant risk that the malicious library remains. A smartphone heating up, the battery draining quickly, and unusually high internet data usage even when the device is not in use are all indicators of adware and malware infection.
Maintain Vigilance and Protect Your Device
It is critical to remain cautious in order to keep your Android smartphone protected from Goldoson and other infections. Avoid third-party app stores and only download software from trusted sources such as Google Play. Keep your device’s security patches and app updates current, and consider using a trustworthy mobile security tool to scan for threats.