The malware is capable of collecting a range of sensitive data, including information on the user’s installed apps, WiFi and Bluetooth-connected devices, and GPS locations.
10 crore Android users are under attack as a new malware has infiltrated Google Play store. The new Android malware called 'Goldoson' has been discovered in 60 legitimate apps including Swipe Brick Breaker, Money Manager Expense & Budget, and L.POINT with L.PAY which have more than 10 million downloads each.
The malware has been discovered by McAfee's research team. The malware is capable of collecting a range of sensitive data, including information on the user’s installed apps, WiFi and Bluetooth-connected devices, and GPS locations. Additionally, it can perform ad fraud by clicking ads in the background without the user's consent, according to the report.
As per a report by BleepingComputer, the malicious malware component is integrated into a third-party library that the developers inadvertently incorporated into all sixty apps. When a user runs a Goldoson-containing app, the library registers the device and obtains its configuration from an obfuscated remote server.
The setup specifies the data-stealing and ad-clicking functions Goldoson should do on the infected device and how frequently.
Moreover, the report said that the data collection mechanism is commonly set to activate every two days, transmitting a list of installed apps, geographical position history, MAC addresses of devices connected via Bluetooth and WiFi, and other information to the C2 server.
The amount of data collected is determined by the permissions granted to the infected app during installation as well as the Android version.
Although devices with Android 11 letter are better protected against arbitrary data collection, researchers discovered that Goldoson had enough rights to acquire sensitive data in 10 percent of the apps even in newer versions of the OS, the report mentioned.
Ad income is generated by loading HTML code and injecting it into a customised, hidden WebView, and then using that to execute numerous URL visits. There is no indication of this action on the victim’s device. (with inputs from IANS)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "Image used for representative purpose only.")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}