This new malware discovered on android may already be on your smartphone. Called “Goldoson”, the latter has indeed infiltrated 60 authentic applications downloaded as a whole 100 million times on Google Play.
As specified Bleeping Computerthis malware is actually linked to a compromised third-party library, having been used in good faith by the developers of the affected applications.
Discovered by the team of security researchers from the American McAfee, Goldoson is notably capable of collecting data on installed applications, but also of consulting the list of devices connected to Wi-Fi and Bluetooth, as well as the positions User’s GPS. We also learn that the malware can also be used for advertising fraud. It is indeed able to work in the background to continuously click on advertisements without the user being notified.
How does Goldoson work?
In detail how it works, Goldoson begins its activities when the user launches a previously infected application. Its library registers the device and receives its configuration from a remote server whose domain is masked, explains Bleeping Computer. The information allowing to set up the procedures of data theft and advertising clicks is then downloaded. The hacker in control of the malware can take advantage of this to configure the frequency and conditions for triggering these malicious actions.
In this case, the collection of data would most often be done every two days, with the key to sending this information to the remote server. This frequency of collection depends on the level of authorization granted to the infected applications at the time of their installation.
We also learn that if Android 11 and later versions are better protected against Goldoson, the latter still manages to obtain enough authorizations to collect sensitive data with 10% of the applications on which he managed to clear his way. The user has no way of knowing that his device is affected.
Here is the list of applications to uninstall:
- 롯데시네마
- 지니뮤직 – genius
- 컬쳐랜드[컬쳐캐쉬]
- GOM Player
- 메가박스(Megabox)
- LIVE Score, Real-Time Score
- Pikicast
- Compass 9: Smart Compass
- GOM Audio – Music, Sync lyrics
- 곰TV – All About Video
- 전역일 계산기 디데이 곰신톡–군인
- 아이템매니아 – 게임 아이템 거래
- LOTTE WORLD Magic pass
- Bounce Brick Breaker
- Infinite Slice
- 나홀로 노래방–쉽게 찾아 이용하는
- SomNote – Beautiful note app
- Korea Subway Info: Metroid
- 해피스크린 – 해피포인트를 모으
- 스피드 운전면허 필기시험
- 이상형 월드컵
- CU편의점택배
- 스마트녹음기 : 음성녹음기
- 캣메라 [순정 무음카메라]
- 컬쳐플러스:컬쳐랜드 혜택 더하기
- 창문닫아요(미세/초미세먼지/WHO
- 롯데월드타워 서울스카이
- Snake Ball Lover게토(geto) – PC방게이머필수앱
- 기억메모 – 심플해서 더 좋은 메모장
All risk is not yet ruled out
The McAfee researchers escalated their findings to Google and also notified developers of the apps affected by Goldoson. According to Bleeping Computer, most savvy developers have taken the necessary steps to remove the rogue library from their application in time; the others saw their app removed from Google Play.
” User and developer safety is at the heart of Google Play. When we find apps that violate our policies, we take action “commented Google to the specialized site. ” We’ve notified developers that their apps violate Google Play policies and that patches are needed to bring them into compliance “.
Users can delete the applications concerned if they used them, or simply update them to take advantage of the corrections made by their developers. The complete list of affected applications, and their current status, can be viewed here. Note, however, that Goldoson remains relevant, especially on independent application stores. We must therefore remain vigilant.
As a reminder, there are signs suggesting that your smartphone may be affected by malware: disproportionate heating, discharging the battery too quickly, or abnormal use of cellular and Internet data. So many clues that can put the flea in the ear.
Source : Bleeping Computer
13