Android Apps Goldoson Malware: The prevalence of malware and ransomware attacks on Android devices has become a serious concern for users. Despite efforts by Google to enhance user security and privacy, cyber attackers continue to find ways to exploit vulnerabilities. A recent example is the “Goldoson malware” attack, which can deceive users and lead to ad fraud. This malware has infected 63 widely popular apps with over 10 million installs, primarily in South Korea, as detected by McAfee.
Android Apps Goldoson Malware: Details
The Goldoson malware is part of a software library that infected apps have unknowingly used. McAfee reports that this malware can engage in ad fraud without the user’s consent or knowledge. Once the infected app is launched on the device, the malware registers the device information into its library and receives device configuration from a masked remote server. This configuration determines the parameters of data-stealing and ad-clicking activities on the device, including the frequency of these actions and the type of data the server can access.
The data from the device is usually sent to the masked server every two days, but the level of infection depends on the permissions assigned to the infected app. Even with the enhanced security measures of Android 11 and above, Goldoson can still access sensitive data from approximately 10% of the apps. The malware performs its ad-clicking activity through hidden HTML code loading inside a customized WebView, which remains invisible to the user and shows no indication of an attack.
Some of the popular apps that have been infected with Android Apps Goldoson malware include:-
- Culture Land,
- Genie Music,
- TMAP,
- GOM Player,
- Swipe Brick Breaker,
- Money Manager Expense & Budget,
- LIVE Score,
- Lotte Cinema,
- Compass 9: Smart Compass,
- Megabox,
- Guninday,
- L.POINT with L.PAY,
- Brick Breaker,
- Real-Time Score,
- Pikicast,
- UBhind: Mobile Tracker Manager,
- GOM Audio – Music,
- Sync lyrics, GOM TV – All About Video,
- GOODTV,
- LOTTE WORLD Magicpass,
- Item Mania, Bounce
- Pump,
- Korea Subway Info: Metroid,
- Infinite Slice,
- SomNote – Beautiful note app,
- Happy Mobile, and Mafu Driving, among others.
While McAfee has worked with Google to contact developers and remove the infected apps from the Play Store, the risk of this malware persists. Suppose you have any of these apps installed on your device. In that case, the best action is to uninstall them immediately and consider performing a fresh format to ensure complete malware removal.
In conclusion, being vigilant and cautious while downloading and installing apps on your Android device is crucial. Always stick to trusted sources such as the Google Play Store, and regularly update your device and apps to the latest versions to stay protected against known vulnerabilities. Additionally, using reliable antivirus software can provide an extra layer of security. Remember, staying informed and taking proactive measures are the key to protecting your privacy and security in the ever-evolving landscape of mobile threats.