Don’t be a Victim: Goldoson Malware Found in Legitimate Android Apps
60 legitimate apps on the Google Play Store, with a combined total of 100 million downloads, have been infected by a new, sinister Android malware called “Goldoson”. Beware of downloading these infected apps, as the malware is part of a third-party library that all 60 apps have used without the knowledge of their developers. Among the popular apps that have been impacted by this malware are L.POINT with L.PAY, Swipe Brick Breaker, Money Manager Expense & Budget, and GOM Player.
Data Theft and Ad Fraud
A closer examination of Goldoson’s operation reveals that when a user launches an app that contains Goldoson, the library registers the device and obtains its configuration from a remote server with an obfuscated domain. The configuration includes settings that determine which functions Goldoson should execute for stealing data and clicking on ads on the infected device and how often.
Google Responds to Goldoson Malware Threat, but the Risk Persists
Goldoson’s data collection feature typically activates every two days, transmitting a list of installed apps, MAC addresses of Bluetooth and WiFi devices, geographical location history, and other data to the C2 server. The amount of data collected depends on the permissions granted to the infected app during installation and the version of Android being used.
How Goldoson Malware works
Many of the affected apps were cleaned up by their developers, who removed the malicious library. Apps from unresponsive developers were removed from the Google Play Store for non-compliance with its policies.
To minimize the risk, users who downloaded an impacted app from Google Play should apply the latest available update. However, Goldoson may still be present in third-party Android app stores, where the likelihood of the malicious library remaining high. Common signs of adware and malware infection include a device that heats up, rapid battery depletion, and unusually high internet data usage, even when the device is not in use.
Keep Your Android Device Secure: Guard Against Goldoson and Other Threats
To protect your Android device from Goldoson and other malware, it is critical to be cautious. Always download apps from reputable sources like Google Play and avoid third-party app stores. Keep your device updated with the latest security patches and app updates, and consider using a trusted mobile security app to scan for threats.
Remember that safeguarding your valuable personal data and ensuring a trouble-free mobile experience is more important than taking risks.
