100 Million downloads compromised by Android malware infection

100 Million downloads compromised by Android malware infection (Image: pixabay.com)

Delhi: A new Android malware known as "Goldoson" has been found on Google Play in 60 legitimate applications with a combined total of 100 million downloads. The developers unknowingly included a third-party library containing the malicious component in all sixty of the apps.

The research team at McAfee found Android malware that is capable of gathering a variety of private data, including details on the user's installed apps, WiFi and Bluetooth-connected devices, and GPS coordinates.

In addition, the report claims that it has the ability to engage in ad fraud by secretly clicking advertisements.

When a user launches an app containing Goldoson, the library registers the device and fetches its configuration from an obfuscated remote server.

The configuration details the data-stealing and ad-clicking activities Goldoson should perform on the infected device, as well as how often.

According to the research, the data-collection mechanism is typically configured to run every two days, sending a list of installed applications, the device's location history, the MAC addresses of devices connected via Bluetooth and WiFi, and other data to the C2 server.

The permissions granted to the malicious software during installation, together with the Android version, determine how much data is gathered.

Although Android 11 and later are more secure against arbitrary data gathering, the researchers found that Goldoson still had sufficient privileges to obtain sensitive data in 10% of the applications, even on newer versions of the OS, the paper stated.
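To make the "permissions plus Android version" point concrete, here is a small triage script (an added example, not part of the report or of McAfee's tooling) that reads a decoded AndroidManifest.xml and reports which of the data categories named in the report a bundled library could reach. The permission-to-category mapping and the sample manifests are my own simplified assumptions; the one Android 11 rule it encodes is real: from targetSdkVersion 30, listing all installed apps requires QUERY_ALL_PACKAGES.

```python
"""Triage which Goldoson-style data categories an app's manifest exposes.
Added example with constructed sample manifests; mapping is a simplification."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Data categories from the report, mapped to permissions that gate them.
# Installed-app listing is handled separately (Android 11 package visibility).
CATEGORY_PERMS = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "bluetooth_devices": {"android.permission.BLUETOOTH_CONNECT",   # API 31+
                          "android.permission.BLUETOOTH"},          # older
    "wifi_devices": {"android.permission.ACCESS_WIFI_STATE"},
}

def declared_permissions(manifest_xml: str):
    """Return (set of uses-permission names, targetSdkVersion) from the manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID_NS + "targetSdkVersion", "1")) if sdk is not None else 1
    return perms, target

def reachable_data(manifest_xml: str) -> set:
    """Data categories a library inside this app could collect with these grants."""
    perms, target = declared_permissions(manifest_xml)
    reach = {cat for cat, need in CATEGORY_PERMS.items() if perms & need}
    # Before targetSdk 30 the full package list was available without any permission.
    if target < 30 or "android.permission.QUERY_ALL_PACKAGES" in perms:
        reach.add("installed_apps")
    return reach

# Constructed sample manifests (hypothetical apps, not from the report).
OLD_TARGET_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:targetSdkVersion="29"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
</manifest>"""

NEW_TARGET_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:targetSdkVersion="33"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    for name, m in (("old-target app", OLD_TARGET_MANIFEST), ("new-target app", NEW_TARGET_MANIFEST)):
        print(name, "->", sorted(reachable_data(m)))
```

The same app code targeting API 29 exposes all four categories, while the API 33 build with only coarse location exposes one, which is the gap the report describes between older and newer Android versions.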

Advertising revenue is generated by loading HTML code into a customised, hidden WebView and using it to issue many URL requests. None of this activity is visible on the victim's device.

In January, Google's Threat Analysis Group shut down hundreds of accounts connected to the "Dragonbridge" or "Spamouflage Dragon" group, which spreads false material favourable to China across multiple platforms.

The tech giant says Dragonbridge purchases new Google Accounts from bulk account vendors and has occasionally even reused accounts previously operated by financially motivated actors, using them to publish blogs and videos that spread misinformation.