Google Play has been reportedly infiltrated by a new Android malware called 'Goldoson', which has been discovered in 60 legitimate apps with a combined total of 100 million downloads.
BleepingComputer reported that the malicious malware component is integrated into a third-party library which the developers inadvertently incorporated into all sixty Android applications.
ALSO READ: LinkedIn brings new ways to verify identity, work
The Android malware was discovered by McAfee's research team which stated that it can collect a range of sensitive data, including information on the user's installed apps, WiFi, GPS locations and Bluetooth-connected devices.
Furthermore, it can perform ad fraud by clicking ads in the background without the user's consent, the report further stated.
When a user runs a Goldoson-containing app, the library registers the device and obtains its configuration from an uncleared remote server.
ALSO READ: Best smartphones under Rs 12,000
The setup specifies the data-stealing and ad-clicking functions Goldoson should do on the infected device and how frequently.
Moreover, the report said that the data collection mechanism is commonly set to activate every two days, transmitting a list of installed apps, geographical position history, MAC addresses of devices connected via Bluetooth and WiFi, and other information to the C2 server.
The amount of data collected is determined by the permissions granted to the infected app during installation and the Android version.
ALSO READ: Dyson Purifier Hot+Cool- HP07 Review: Best air purifier with temperature control
Although Android 11 and later are protected against arbitrary data collection, researchers discovered that Goldoson had enough rights to acquire sensitive data in 10 per cent of the apps- even in the newer versions of the OS, the report stated.
Ad income has been generated by loading HTML code and injecting it into a customised, hidden WebView, and then using that to execute numerous URL visits.
There is no indication of this action on the victim's device.
In January 2023, Google's Threat Analysis Group terminated thousands of accounts associated with a group known as 'Dragonbridge' or 'Spamouflage Dragon' that disseminated pro-Chinese disinformation on various platforms.
According to the tech giant, Dragonbridge gets new Google Accounts from bulk account sellers, and at times they have even used accounts previously used by financially motivated actors repurposed for posting disinformation videos and blogs.
Inputs from IANS
