Google Play has been infiltrated by a new Android malware called ‘Goldoson’, which has been detected in 60 legitimate apps with 100 million downloads in total.
As BleepingComputer reports, the malicious component is part of a third-party library that developers inadvertently included in all sixty apps.
The Android malware, discovered by McAfee’s research team, is capable of collecting a range of sensitive data, including information on a user’s installed apps, WiFi and Bluetooth connected devices, and GPS locations.
Additionally, it may commit ad fraud by clicking on ads in the background without the user’s consent, according to the report.
When a user runs an app containing Goldoson, the library registers the device and receives its configuration from a remote server.
The configuration specifies which data-stealing and ad-clicking functions Goldoson should perform on the infected device, and how often.
Furthermore, the report states that the data collection mechanism is usually set to activate every two days, transmitting a list of installed apps, geolocation history, MAC addresses of devices connected via Bluetooth and WiFi, and other information to the C2 server.
The amount of data collected is determined by the permissions granted to the infected app during installation as well as the Android version.
Although Android 11 onwards is better protected against arbitrary data collection, researchers found that Goldoson had enough rights to acquire sensitive data in 10 percent of apps even in newer versions of the OS, the report noted.
Advertising income is generated by loading HTML code and injecting it into a customized, hidden WebView and then using it to execute multiple URL visits.
There is no indication of this action on the victim’s device.
In January, Google’s Threat Analysis Group terminated thousands of accounts linked to a group called ‘DragonBridge’ or ‘Spamouflage Dragon’, which disseminated pro-China disinformation on various platforms.
According to the tech giant, DragonBridge gets new Google accounts from wholesale account sellers, and has also at times used accounts previously used by financially motivated actors to post misinformation videos and blogs.
You can see the detailed list of infected apps here.
The post Goldoson Android malware infects 60 apps on Play Store: Check list here appeared first on Techlusive.