The Android ecosystem is no stranger to vicious malware and ransomware attacks. Over the years, this has raised serious privacy and security concerns. While Google has worked towards user security and privacy, cyber attackers always find ways to get around such measures. A recent example of this is the “Goldoson malware” attack, which can lead you to ad fraud. The worst part is that all the 63 infected apps are widely popular with over 10M+ installs.
Do Not Fall for These Goldoson-Infected Apps
Primarily detected in popular apps in South Korea by McAfee, the Goldoson malware is part of a software library that had been used by all the infected apps unknowingly. According to McAfee’s report, the malware is capable of ad fraud. You will not even realize the existence of this malware on your device and it will continue to operate in the background, clicking ads without your consent.
It can collect data on the apps installed on your smartphone, Wi-Fi, GPS, and Bluetooth-connected devices. Now, how does it work? The report explains that whenever you launch any of the infected apps on your device, the Goldoson malware registers your device information into its library and receives your device configuration from a masked remote server.
This configuration will be able to decide the parameter of data-stealing and ad-clicking on your device. This includes the frequency of these actions as well as the type of data that the server can access.
Usually, the data from your device is sent to the masked server every 2 days. However, the level of infection also depends on the type and number of permissions you have assigned to the infected app. Even with robust security measures of Android 11 and above, Goldoson can easily access sensitive data from 10% of the apps. In the same way, the malware performs its ad-clicking activity via HTML code loading inside a customized WebView. This WebView is hidden from you and you will never see any indication of an attack. You can check some of the infected apps below.
- L.POINT with L.PAY (10M+)
- Swipe Brick Breaker (10M+)
- Money Manager Expense & Budget (10M+)
- TMAP (10M+)
- Lotte Cinema (10M+)
- Genie Music (10M+)
- Culture Land (5M+)
- GOM Player (5M+)
- Megabox (5M+)
- LIVE Score, Real-Time Score (5M+)
- Pikicast (5M+)
- Compass 9: Smart Compass (1M+)
- GOM Audio – Music, Sync lyrics (1M+)
- GOM TV – All About Video (1M+)
- Guninday (1M+)
- LOTTE WORLD Magicpass (1M+)
- Item Mania (1M+)
- Bounce Brick Breaker (1M+)
- Infinite Slice (1M+)
- Pump (1M+)
- SomNote – Beautiful note app (1M+)
- Korea Subway Info: Metroid (1M+)
- GOODTV (1M+)
- UBhind: Mobile Tracker Manager (1M+)
- Happy mobile (1M+)
- Mafu Driving (1M+)
Although McAfee has worked with Google to proactively contact developers to fix this issue and remove infected apps from the Play Store, the risk is still very real. The best you can do, in case you have any of these apps installed, is to uninstall them and go for a fresh format for your device. Learn more about the Goldoson malware from the Mcafee website.