Security Researchers Issue Warning Against New Android Malware That Infiltrated Google Play Through 60 Apps With 100 Million Installs

A new Android malware has managed to infiltrate the Google Play Store through 60 leading apps with over 100 million downloads.

The malware is part of a library used by all 60 apps, which developers included in their apps without realizing it.

The affected apps include Money Manager Expense and Budget, Pikicast, Compass 9, Bounce Brick Breaker, Lotte World Magicpass, and GOM Player, among many others.

The news comes from the research team at McAfee, which discovered the malware, dubbed Goldoson. It can collect data on downloaded applications and on devices connected over Wi-Fi and Bluetooth, as well as GPS locations.

In addition, it can commit ad fraud by clicking ads in the background without the user's consent.

So how exactly does this malware work, and what effects can be expected from it? In short, it is an Android malware that steals users' data. Whenever the user launches an app that contains the malware, it registers the device and fetches its configuration from remote servers whose domains are obfuscated.

This configuration contains parameters that determine which data-stealing and ad-clicking features run on infected devices.

The data collection feature can activate in two days, and it sends the C2 server a list of the downloaded apps along with location history and MAC address.

The amount of data collected depends on the permissions granted to the app during installation as well as on the Android version. Android 11 and above are protected against arbitrary data collection. Even so, McAfee found that recent variants of the malware had enough permissions to obtain sensitive details in nearly 10% of the apps.

The ad-clicking feature works by loading HTML code, injecting it into a customized setting, and using that to perform several URL visits that generate advertising revenue.

Yes, the library has been removed from Google Play, but does that mean the risk is no longer present? No, that's not the case. McAfee keeps Google Play aware of the growing number of threats, but developers still feel the risk is there.

Developers are removing the offending libraries, and any apps whose developers failed to respond in time were removed as well under the store's policies. In a recent interview, Google confirmed that its main goal right now is to focus on apps that violate its policies, and that it removes them when it finds them.

All developers are therefore being warned about the issue too. Users who have had the misfortune of installing one of these apps can address the risk by installing the newest updates.

