This dangerous new Android malware has infiltrated apps with over 100 million installs

News
By Sead Fadilpašić
published

Roughly 60 popular Android apps were compromised

Samsung Galaxy S23 hands on display macro
(Image credit: Future | Alex Walker-Todd)

In the latest example of supply chain attack shenanigans, unnamed hackers have reportedly managed to compromise 100 million Android devices with data-harvesting malware.

Cybersecurity researchers from McAfee recently discovered a third-party library that they dubbed Goldoson.

The library was added to 60 extremely popular Android apps that users can download via the Play Store and the OneStore (Play Store’s biggest competitor in South Korea). The library was malicious and collects data on installed apps, data on Wi-Fi- and Bluetooth-connected endpoints, and GPS location data.

Adware

The researchers describe Goldoson as “privacy-invasive and clicker Android adware”, as it can click on ads in the background, without the device owner’s consent. The targets are mostly South Korean, it would seem. 

Some of the most popular Android apps that fell prey to this attack are L.POINT with LPAY, Swipe Brick Breaker, and Money Manager Expense & Budget, all of which have in excess of 10 million downloads. 

Then there’s GOM Player, LIVE Score, Real-Time Score, and Pikicast, with five million downloads each, and a handful of other apps with more than a million downloads. 

Read more

> This dangerous Android malware is seeing a huge rise in infections

> Dangerous new 'Hook' Android malware lets hackers remotely control your phone

> Check out the best identity theft protection at the moment

The amount of data stolen from a device depends on the permissions each app has on the smartphone. According to BleepingComputer, Android 11 and newer versions are better protected against arbitrary data collection, but even in that case, McAfee found Goldoson being able to extract data in 10% of the apps. 

The researchers notified Google about their findings which, in turn, raised the question with the apps’ developers, who were told their apps now violated Google Play policies. While most developers acted promptly and updated their apps to remove the malicious content, some failed to respond. Google removed these apps from the app repository, it was said. 

Therefore, to stay safe from malicious adware and data-harvesting malware, make sure to update your apps to the latest version. If some of your apps are no longer available on the Play Store, it might be best to remove them.

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.