60 apps with 100 mn installs found infected
image for illustrative purpose
San Francisco: Google Play has been infiltrated by a new Android malware called 'Goldoson', which has been discovered in 60 legitimate apps with a combined total of 100 million downloads.
The malicious malware component is integrated into a third-party library that the developers inadvertently incorporated into all sixty apps, reports BleepingComputer. The Android malware, discovered by McAfee's research team, is capable of collecting a range of sensitive data, including information on the user's installed apps, WiFi and Bluetooth-connected devices, and GPS locations. Additionally, it can perform ad fraud by clicking ads in the background without the user's consent, according to the report.
When a user runs a Goldoson-containing app, the library registers the device and obtains its configuration from an obfuscated remote server. The setup specifies the data-stealing and ad-clicking functions Goldoson should do on the infected device and how frequently.
Moreover, the report said that the data collection mechanism is commonly set to activate every two days, transmitting a list of installed apps, geographical position history, MAC addresses of devices connected via Bluetooth and WiFi, and other information to the C2 server.