The Android ecosystem is no stranger to vicious malware and ransomware attacks. Over the years, this has raised serious privacy and security concerns. While Google has worked towards user security and privacy, cyber attackers always find ways to get around such measures. A recent example of this is the “Goldoson malware” attack, which can lead you to ad fraud. The worst part is that all the 63 infected apps are widely popular with over 10M+ installs.
Do Not Fall for These Goldoson-Infected Apps
Primarily detected in popular apps in South Korea by McAfee, the Goldoson malware is part of a software library that had been used by all the infected apps unknowingly. According to McAfee’s report, the malware is capable of ad fraud. You will not even realize the existence of this malware on your device and it will continue to operate in the background, clicking ads without your consent.
It can collect data on the apps installed on your smartphone, Wi-Fi, GPS, and Bluetooth-connected devices. Now, how does it work? The report explains that whenever you launch any of the infected apps on your device, the Goldoson malware registers your device information into its library and receives your device configuration from a masked remote server.
This configuration will be able to decide the parameter of data-stealing and ad-clicking on your device. This includes the frequency of these actions as well as the type of data that the server can access.
Usually, the data from your device is sent to the masked server every 2 days. However, the level of infection also depends on the type and number of permissions you have assigned to the infected app. Even with robust security measures of Android 11 and above, Goldoson can easily access sensitive data from 10% of the apps. In