According to information provided by digital security experts, around 60 applications available on Google Play were infected by new malware never before tracked.
The virus, called 'Goldoson', was infiltrated into a file library used jointly by the 60 apps that were infected.
see more
Alert: THIS poisonous plant landed a young man in the hospital
Google develops AI tool to help journalists in…
As far as is known, application developers were not aware of the infection until the first alerts were issued.
Some of the main infected apps are:
- Swipe Brick Breaker;
- Money Manager expenses and budget;
- Pikicast;
- Compass 9: Smart Compass;
- GOM Audio – Music, lyrics sync;
- Lottel World Magicpass;
- Bounce Brick Breaker;
- InfiniteSlice;
- SomNote – beautiful notes app.
According to researchers from the company that controls McAfee's antivirus, responsible for discovering Goldoson, this malicious software is capable of obtaining information about the installed applications, devices connected through WiFi and Bluetooth, and the GPS location of the user.
Additionally, Goldoson may perform background ad clicks without the user's consent, which may result in serious consequences for the affected device.
Understand how the virus works
When a user launches an application containing Goldoson, a library registers the device and, in parallel, it receives its configuration from a remote server whose location has not yet been identified by the researchers.
The submitted configuration includes parameters that determine which data-stealing and ad-clicking functionality Goldoson should run on the infected device.
Data collection is usually activated every two days, sending the malware server a list of installed applications, geolocation history, addresses of devices connected by Bluetooth and WiFi, and other personal information from the user.
The level of data collection performed by Goldoson varies according to the permissions granted during installation of the infected app, as well as the version of Android present on the device affected.
According to the experts responsible for discovering Goldoson, Android versions from 11 have better protection against this virus.
However, McAfee has identified that even on newer versions of the operating system, the malware still has sufficient permissions to collect sensitive data in about 10% of applications.
Ad clicks occur when special HTML codes are injected into a hidden custom WebView.
These codes are used to visit various websites automatically, generating ad revenue. From there, these revenues are directed to the server run by the cybercriminals who control Goldoson.
It is important to note that none of these criminal activities are noticeable to the device owner, even if superficial investigations are carried out.
Measures to eliminate malware are being taken
Upon identifying Goldoson in its app store, Google immediately notified developers to clean the libraries of infected apps as soon as possible.
McAfee's team of researchers is part of the Google App Security Council. For this reason, there was greater speed in the presentation of measures to contain the malware.
Apps that were not properly sanitized by their developers had to be removed from Google Play.
In a statement sent to the BleepingComputer website team, Google said it was committed to the safety of its users.
“The security of users and developers is at the heart of Google Play's concerns. When we find apps that violate our policies, we take appropriate action," the company said in a statement.
The company recommends that users of infected applications update them in order to receive packages containing fixes.
Furthermore, it is always important to point out that, to avoid malware infections on Android, it is best to only download applications from the official Google store. Third party apps do not have any security guarantees.
In addition, it is crucial to pay attention to signs such as cell phone overheating, excessive use of internet packages for no apparent reason and abnormal device battery drain. These are classic signs of a malware infection.
Graduated in History and Human Resources Technology. Passionate about writing, today he lives the dream of acting professionally as a Content Writer for the Web, writing articles in different niches and different formats.