“Goldoson,” an Android Malware, Invades 60 Applications on Google Play

Goldoson is an Android malware that invaded 60 applications, which collectively had 100M downloads. The malware is a third-party library component that all 60 applications were using. However, the developers were not aware of the malware.

Here is the list of a few infected applications:

  • L.POINT with L.PAY – 10 million downloads
  • Pikicast – 5 million downloads
  • Swipe Brick Breaker – 10 million downloads
  • Money Manager Expense & Budget – 10 million downloads
  • LIVE Score, Real-Time Score – 5 million downloads
  • GOM Player – 5 million downloads
  • Compass 9: Smart Compass – 1 million downloads
  • and more

McAfee’s research team discovered this malware, “Goldoson.” According to them, the malware collected data from different sources, including the user’s GPS location, WiFi-connected devices, Bluetooth devices, and installed apps.

Moreover, it could perform ad fraud, clicking on ads without the user’s consent.

Android Malware Steals Data from Devices

If a user downloads and installs any application containing Goldoson, the library automatically registers the device and retrieves its configuration from a remote private server.

The configuration includes all the parameters the malware uses on the device for ad clicking and data stealing.

Every two days, the data collection function is activated. It then sends the C2 server the list of geographical locations, installed apps, and MAC addresses of the devices connected via WiFi, Bluetooth, etc.

The amount of data the malware collected depended on the permissions granted by the user. For example, devices with Android 11 or above provide a high level of protection for data, so they might be less affected than lower versions.

However, McAfee also found that on recent OS versions, users gave the malware enough permissions to collect sensitive data from their devices in 10% of apps. Along with that, the ad-clicking function works by using customized HTML code, a WebView, and visits to various URLs, which generates ad revenue.

Goldoson libraries have been removed from the Google Play apps. But McAfee warned users to always check twice before granting permissions to any application because the risk is still there.
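
The permission check recommended above can be run across a whole device. This added example, which is not from the article or from McAfee, parses `adb shell dumpsys package` style output and lists which apps hold granted permissions covering the data categories named above. The permission-to-category mapping and the sample output are assumptions constructed for illustration.

```python
import re

# Assumed mapping (not from the article): Android permissions that gate the
# data categories the article says Goldoson collected.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "GPS location",
    "android.permission.BLUETOOTH_SCAN": "Bluetooth devices",
    "android.permission.BLUETOOTH_CONNECT": "Bluetooth devices",
    "android.permission.NEARBY_WIFI_DEVICES": "WiFi devices",
    "android.permission.QUERY_ALL_PACKAGES": "installed apps",
}

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def audit(dumpsys_text):
    """Return {package: sorted data categories reachable via granted permissions}."""
    exposure, current = {}, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:  # a new package section starts here
            current = m.group(1)
            exposure.setdefault(current, set())
            continue
        m = PERM_RE.match(line)
        if m and current and m.group(2) == "true" and m.group(1) in SENSITIVE:
            exposure[current].add(SENSITIVE[m.group(1)])
    # Report only packages that can reach at least one sensitive category.
    return {pkg: sorted(cats) for pkg, cats in exposure.items() if cats}


# Constructed sample in the style of `adb shell dumpsys package` output.
SAMPLE = """\
Packages:
  Package [com.example.scoreboard] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.QUERY_ALL_PACKAGES: granted=true
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.BLUETOOTH_SCAN: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    runtime permissions:
      android.permission.ACCESS_COARSE_LOCATION: granted=false, flags=[ USER_FIXED ]
"""

if __name__ == "__main__":
    for pkg, cats in audit(SAMPLE).items():
        print(f"{pkg}: {', '.join(cats)}")
```

Apps that appear in the result with no functional need for those categories are the ones whose permissions are worth revoking first.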

Written by Namita Mahajan