• Mon. Oct 16th, 2023

Goldoson: A New Android Malware That Infected 100 Million Smartphones

Avatar photo

ByEsme Greene

May 4, 2023
Goldoson infects 100 million smartphones and preys on privacy and advertising revenue
Esme Greene
Latest posts by Esme Greene (see all)

A new Android malware named “Goldoson” has infected 100 million smartphones by concealing itself inside other programs and stalking users invisibly.

The malware is blooming in 60 apps with 100 million downloads on Google Play. Unfortunately, the 60 apps that use the third-party library that the harmful component is a part of were unintentionally introduced by developers.

How does it work?

According to McAfee experts, the malware can collect data on programs that have been installed, Bluetooth and Wi-Fi-enabled devices, and the GPS location of the user. Moreover, Goldoson has the capacity to commit ad fraud by covertly tapping on banner ads.

When a user opens a program that makes use of Goldoson, the library enters the gadget and gets its settings from a distant server whose domain is masked. The configuration details what data-stealing and ad-clicking activities should be carried out on the affected system and how regularly.

When the ad-click feature is activated, the HTML code is downloaded, embedded in a secret WebView that may be customized, and then used to visit various URLs to generate ad money. The victim does not observe any activity on their device while this is happening.

Here are the signs of infection…

Here are the warning signals to watch out for if you’re worried about the likelihood of catching an infection:

  • an uncharacteristically high amount of Internet data utilization even when the gadget isn’t being utilized,
  • a hot device,
  • a rapidly depleting battery.

These are all signs that you have malware and adware infections.

Is there any solution to the problem?

The Google App Defense Alliance, which works to shield Google Play from malware and adware, counts McAfee as a member. As a result, Google was informed of the researchers’ findings, and the creators of the affected apps were notified.

Several developers got rid of the problematic library, and those apps that weren’t patched had to be taken off Google Play for breaking the store’s rules. If you downloaded an impacted app from Google Play, you should update to the most recent version immediately. However, be aware that you may also find Goldoson on unofficial Android app marketplaces. The likelihood that apps from these shops still include the harmful library is very high.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.