A recently discovered Android malware, dubbed Goldoson, is posing a significant risk after infiltrating the Google Play Store and affecting 60 authentic apps, resulting in 100 million downloads. The malware has impacted well-known apps such as L.POINT with L.PAY, Swipe Brick Breaker, Money Manager Expense & Budget, and GOM Player.
Developers unknowingly integrated the harmful Goldoson component within their apps, as it was part of a third-party library. Researchers from McAfee have revealed that Goldoson can collect data on users’ GPS positions, installed applications, and devices connected through WiFi and Bluetooth. Furthermore, the malware secretly participates in ad fraud, clicking on advertisements in the background, which can financially hurt advertisers.
When a user opens an app containing Goldoson, the malware registers the device and acquires its configuration from an obscured domain on a remote server. The configuration outlines the data extraction and ad-clicking operations that will occur on the compromised device, as well as the frequency of these actions. Goldoson activates its data collection features every two days, sending detailed information, such as installed apps, location history, and MAC addresses of Bluetooth and WiFi-connected devices, to the C2 server.
The scope of data collection is contingent on the permissions granted to the infected app during installation and the Android version in use. McAfee, as part of the Google App Defense Alliance, is working with Google to maintain a malware- and adware-free Play Store. Google has been notified about the issue, and developers of the affected apps have been contacted.
Some developers have promptly removed the harmful library from their apps, while those who did not adhere to Google Play’s guidelines had their apps taken down from the store. Users can minimize the risk by updating to the latest app version, but Goldoson’s presence on third-party Android app stores heightens the possibility of the malware’s continued activity.
Experts caution users to be aware of common indicators of adware and malware infections, such as a device overheating, battery draining rapidly, and high internet data usage when the device is not in use. To defend against potential threats, users should stay vigilant and adopt necessary safety measures.
Smartphone users are advised to download apps exclusively from trustworthy sources like Google Play and to steer clear of third-party app stores to guarantee the security of their personal data. Regularly updating devices with the newest security patches and app versions is crucial. Moreover, using a reliable mobile security app to scan for possible threats can help ensure device safety.
In the digital world, prioritizing security over convenience is of utmost importance. Safeguarding personal data can help avert potential issues and guarantee a smooth mobile experience.
