Malware discovered in 60 Android apps with over 100 million downloads

midian182

In brief: Despite Google's safeguards for keeping malware-infected apps off its Play Store, malicious software still slips through the cracks. The latest of these is a privacy-stealing ad-clicker found in 60 apps that had been downloaded over 100 million times.

McAfee's mobile research team discovered a third-party software library it named Goldoson, which collects sensitive information and performs ad fraud. However, the developers who used Goldoson didn't realize that they were adding a malicious malware component to their programs.

Once installed, Goldoson is able to collect data on the apps installed on a device, a history of WiFi and Bluetooth-connected devices, and nearby GPS locations.

But the most insidious part of the malware is that it can also perform fraud by clicking ads in the background without a user's consent. This is achieved by the library loading HTML code and injecting it into a customized, hidden WebView, using it to visit multiple URLs to generate ad revenue – all without the user realizing what's happening.

McAfee writes that once an app that uses Goldoson is installed, the library registers the device and receives its remote configurations at the same time the app runs. The library name and the remote server domain vary with each application, and the latter is obfuscated.

Some of the affected apps with the largest number of downloads include L.Point with L.Pay, Swipe Brick Breaker, Money Manager Expense & Budget, GOM Player, Live Score, GOM Audio, and Compass 9. There have been more than 100 million downloads of these apps through the Google Play Store, while around 8 million came from the ONE store, Korea's leading app store. Check out all the impacted apps here.

The good news is that users with devices running Android 11 and above are more protected against apps that attempt to gather information on other applications installed on a device. However, McAfee found that even on the latest version of the operating system, Goldoson was able to collect sensitive information on around 10% of installed apps. How much data is collected depends on how many permissions a user grants the app during the installation process.

McAfee reported the offending apps to Google, which in turn notified the developers that their apps violated Google Play policies and needed fixing. Those who didn't respond in time had their apps removed from the Play Store, while the apps that remain have been updated by their devs. Anyone who may have installed one of these apps should update them to their latest versions.

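As an added example (not from the article or from McAfee's report), the script below audits a decoded AndroidManifest.xml for the permissions that gate the three data categories the article lists, plus the Android 11 package-visibility declarations that affect what an embedded library can see of other installed apps. The permission mapping, the sample manifest and the function name `audit_manifest` are assumptions made for illustration; the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not from the article): the data categories it describes,
# paired with the standard Android permissions that gate them.
CATEGORIES = {
    "installed_apps": {P + "QUERY_ALL_PACKAGES"},
    "wifi_bluetooth": {P + "ACCESS_WIFI_STATE", P + "BLUETOOTH",
                       P + "BLUETOOTH_CONNECT", P + "BLUETOOTH_SCAN"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
                 P + "ACCESS_BACKGROUND_LOCATION"},
}

# Constructed sample manifest, not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
  <queries>
    <intent><action android:name="android.intent.action.MAIN"/></intent>
  </queries>
  <application android:label="Sample"/>
</manifest>
"""

def audit_manifest(manifest_xml):
    """Return {category: [findings]} for sensitive access a manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                requested.add(name)
    findings = {cat: sorted(perms & requested) for cat, perms in CATEGORIES.items()}
    # Android 11+ package visibility: a <queries> entry for the MAIN action makes
    # apps with a matching activity visible without QUERY_ALL_PACKAGES.
    for action in root.findall("./queries/intent/action"):
        if action.get(ANDROID_NS + "name") == "android.intent.action.MAIN":
            findings["installed_apps"].append("<queries> android.intent.action.MAIN")
    return {cat: hits for cat, hits in findings.items() if hits}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

Because a bundled library runs with the host app's permissions, the findings describe what any SDK inside the app could reach, not only the app's own code.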

 
On how malware was presented in this article, first thing I did was to check if I have Facebook or Instagram preinstalled on my phone.
Happy to report that they are not preinstalled, and of course, I do not install or use malware :p
 
Things like this are what forced Google to do more sandboxing of apps like Apple. There are simply too many attack vectors to allow apps the amount of access they used to.
 
But the most insidious part of the malware is that it can also perform fraud by clicking ads in the background without a user's consent.

Google has always turned a blind eye when it comes to adverts. A typical Google search for software is filled with ads to the point where the real software only comes 3rd in the search results.

 
Yes they finally crack the code in Java app used on both Android OS & iOS malware. Really a shame too much.. When you search for apps on Google Play the first one that comes up is the safer one the others after too much bloat in them. Avoid Droid site full of malware.. Just have to be careful what you use today for apps.
 
On how malware was presented in this article, first thing I did was to check if I have Facebook or Instagram preinstalled on my phone.
Happy to report that they are not preinstalled, and of course, I do not install or use malware :p
I do not use Facebarf, Instagroan, Twit or any banking app on my phone, not enough security! I am old school, only phone, text and look up addresses!😁😁
 