Thursday, September 19, 2024

60 Google Apps have been Infected by the Goldoson Malware

A new Android malware had reportedly infiltrated Google Play. It is known as ‘Goldoson’ and has been found in 60 authentic apps with a combined total of around 100 million downloads. As per the report by BleepingComputer, the malicious malware element is incorporated into a third-party library. The developers have unintentionally integrated the same into all the apps.

Suggested read: Uninstall these Malware-Laden Apps from Your Device Immediately

Discovery

McAfee’s research team has discovered this malware. They said it can collect an assortment of sensitive data including information on the WiFi, installed apps, Bluetooth-connected devices, and GPS locations of the users. It can also perform ad fraud by clicking ads in the background without the users’ consent or knowledge.

- Advertisement -

Functioning

As soon as somebody runs an app that contains ‘Goldoson’ the library registers the device. Then it obtains the device’s configuration from an uncleared remote server. The setup specifies the frequency, ad-clicking, and data-stealing functions the malware should perform on the infected device.

As per the report, the data collection mechanism is generally set to activate every two days. It transmits a list of installed apps, MAC addresses of all the devices connected via WiFi and Bluetooth, geographical position history, etc. to the C2 server. The amount of data collection is ascertained by the permission granted during the installation of the app and based on the Android version as well.

60 Google Apps have been Infected by the Goldoson Malware 1

Protection and loopholes

Android 11 and later are protected against data collection arbitrarily but researchers found that ‘Goldoson’ has enough rights to obtain sensitive data from at least 10% of the apps even in the newer Android versions.

- Advertisement -

More information

Ad income is generated by loading HTML code and infusing it into a customized and hidden WebView. After that, it is used to execute several URL visits. The action is not indicated in the infected device in any way.

Previous threat and its mitigation by Google

Google’s Threat Analysis Group terminated numerous accounts associated with the ‘Spamouflage Dragon’ or ‘Dragonbridge’ group in January 2023. This has helped to disseminate pro-Chinese disinformation on several platforms.

Google says that ‘Dragonbridge’ acquires new Google accounts from bulk account sellers. It has also used previously used accounts of financially motivated users by repurposing them to post disinformation blogs and videos.

- Advertisement -
Dipanita Bhowmick
Dipanita Bhowmick
Dipanita Bhowmick: I am a content writer with 13+ years of experience in various genres, allowing me to adapt my writing style to diverse topics and audiences. Alongside my passion for creating engaging content, I have a deep interest in esoteric knowledge, constantly exploring the mystical and unconventional realms for inspiration along with spiritual and personal growth.

Related Articles

Stay Connected

2,814FansLike
179FollowersFollow
1,600SubscribersSubscribe
- Advertisement -spot_img

Latest Articles