 "Android malware infects 60 Google Play apps with 100 million downloads")
Google Play has been infiltrated by a new Android malware called 'Goldoson', which has been discovered in 60 legitimate apps with a combined total of 100 million downloads.
The malicious malware component is integrated into a third-party library that the developers inadvertently incorporated into all sixty apps, reports BleepingComputer.
The Android malware, discovered by McAfee's research team, is capable of collecting a range of sensitive data, including information on the user's installed apps, WiFi and Bluetooth-connected devices, and GPS locations.
Additionally, it can perform ad fraud by clicking ads in the background without the user's consent, according to the report.
When a user runs a Goldoson-containing app, the library registers the device and obtains its configuration from an obfuscated remote server.
The setup specifies the data-stealing and ad-clicking functions Goldoson should do on the infected device and how frequently.
Moreover, the report said that the data collection mechanism is commonly set to activate every two days, transmitting a list of installed apps, geographical position history, MAC addresses of devices connected via Bluetooth and WiFi, and other information to the C2 server.
The amount of data collected is determined by the permissions granted to the infected app during installation as well as the Android version.
Although Android 11 later are better protected against arbitrary data collection, researchers discovered that Goldoson had enough rights to acquire sensitive data in 10 per cent of the apps even in newer versions of the OS, the report mentioned.
Ad income is generated by loading HTML code and injecting it into a customised, hidden WebView, and then using that to execute numerous URL visits.
There is no indication of this action on the victim's device.
In January, Google's Threat Analysis Group terminated thousands of accounts associated with a group known as 'Dragonbridge' or 'Spamouflage Dragon' that disseminated pro-Chinese disinformation on various platforms.
According to the tech giant, Dragonbridge gets new Google Accounts from bulk account sellers, and at times they have even used accounts previously used by financially motivated actors repurposed for posting disinformation videos and blogs.
--IANS
shs/dpb
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app