Begin typing your search...

60 apps with 100 mn installs found infected

image for illustrative purpose

60 apps with 100 mn installs found infected
X

17 April 2023 11:18 PM IST

San Francisco: Google Play has been infiltrated by a new Android malware called 'Goldoson', which has been discovered in 60 legitimate apps with a combined total of 100 million downloads.

The malicious malware component is integrated into a third-party library that the developers inadvertently incorporated into all sixty apps, reports BleepingComputer. The Android malware, discovered by McAfee's research team, is capable of collecting a range of sensitive data, including information on the user's installed apps, WiFi and Bluetooth-connected devices, and GPS locations. Additionally, it can perform ad fraud by clicking ads in the background without the user's consent, according to the report.

When a user runs a Goldoson-containing app, the library registers the device and obtains its configuration from an obfuscated remote server. The setup specifies the data-stealing and ad-clicking functions Goldoson should do on the infected device and how frequently.

Moreover, the report said that the data collection mechanism is commonly set to activate every two days, transmitting a list of installed apps, geographical position history, MAC addresses of devices connected via Bluetooth and WiFi, and other information to the C2 server.

Google Play Goldoson BleepingComputer Android malware 
Next Story
Share it