A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads.
An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.
The rogue component is part of a third-party software library used by the apps in question and is capable of gathering information about installed apps, Wi-Fi and Bluetooth-connected devices, and GPS locations.
“Moreover, the library is armed with the functionality to perform ad fraud by clicking advertisements in the background without the user’s consent,” McAfee security researcher SangRyol Ryu said in a report published last week.
What’s more, it includes the ability to stealthily load web pages, a feature that could be abused to load ads for financial profit. It achieves this by loading HTML code in a hidden WebView and driving traffic to the URLs.
Following responsible disclosure to Google, 36 of the 63 offending apps have been pulled from the Google Play Store. The remaining 27 apps have been updated to remove the malicious library.
For the full story, visit https://thehackernews.com/2023/04/goldoson-android-malware-infects-over.html