Research from the team at McAfee has just revealed that a new Android malware which has been named Goldoson has attacked the Google Play Store and infected 60 different apps. The apps collectively have over 100 million downloads, and now all Android users must be extra cautious. Here’s what we know so far.
What apps have been affected?
These apps were affected because when they were being developed, their creators unknowingly used a third-party library that had already been infected with the malware. Some of the affected apps include:
- L.POINT with L.PAY – 10 million downloads
- Swipe Brick Breaker – 10 million downloads
- Money Manager Expense & Budget – 10 million downloads
- GOM Player – 5 million downloads
- LIVE Score, Real-Time Score – 5 million downloads
- Pikicast – 5 million downloads
- Compass 9: Smart Compass – 1 million downloads
- GOM Audio – Music, Sync lyrics – 1 million downloads
- LOTTE WORLD Magicpass – 1 million downloads
- Bounce Brick Breaker – 1 million downloads
- Infinite Slice – 1 million downloads
- SomNote – Beautiful note app – 1 million downloads
- Korea Subway Info: Metroid – 1 million downloads
To get a list of all 60 apps and whether they’ve been removed or not, you can go to McAfee’s research report.
MORE: HUNDREDS OF BANKING APPS AT RISK FROM THE NEW NEXUS ANDROID TROJAN
What does the Goldoson malware do?
Goldoson has many capabilities, some of which include collecting data on installed apps, WiFi and Bluetooth-connected devices, and the user’s GPS locations. It also can click ads in the background without the user knowing, which causes ad fraud.
Once an Android user launches an app that is infected with Goldoson, the third-party library will register the device and get its configuration from a remote server whose domain has been tampered with. That configuration contains guidelines that tell Goldoson what data-stealing and ad-clicking functions to pursue and how often to pursue them. This data collection function will activate every two days and will resend the server different information including installed apps, geographical location history, and more.
Even the most recent Android models with the most updated software were affected, as Goldoson had enough permissions to gather sensitive data in 10% of the apps within these models.
Are the apps still active?
The developers of all the affected apps were notified immediately. Some did not respond efficiently and therefore had to have their apps removed entirely from the Google Play Store. Those who did respond promptly had to clean out their apps and remove the third-party library that contained Goldoson.
What if I have one of these apps on my phone?
Delete the app immediately
The best thing to do if you have one of these apps on your phone is to delete them immediately. Although Google has said that simply giving these apps their latest update would suffice, Goldoson still exists on third-party Android app stores and can still find its way back to your device. You’re better off deleting the app from your phone.
Download apps from a trustworthy source
Keep in mind that you should never download an app from a third-party source and only download apps that are well-reviewed directly from the Google Play Store (or Apple Store for those who have iPhones).
Have good antivirus software on all your devices
Antivirus software will protect you from installing malware onto your devices from any of these harmful apps. It will also remove existing malware from your devices as well as prevent you from clicking on malware-installing links in sneaky emails and texts.
My #1 antivirus pick for all of your devices TotalAV. Their product is full of features to keep you safe from malware and protect you when browsing the internet including ransomware protection, real-time antivirus protection, elimination of viruses and malware, a tool to free up your computer’s space, plus more.
Special for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
Find my review of Best Antivirus Protection here.
Final thoughts
In light of the recent Goldoson malware attack on the Google Play Store, if you have an Android phone, you must be cautious when downloading apps and it’s important to keep your antivirus software up and running on all of your devices to protect against future threats.
Have you installed these apps or other harmful apps onto your Android? Let us know in the comments below.
Related:
- Hundreds of banking apps at risk from the new Nexus Android trojan
- New ‘Hook’ malware allows hijacking, real-time spying on Android devices