A new Android malware known as "Goldoson" has entered Google Play, where it was found in 60 legitimate apps with a combined total of 100 million downloads.
According to BleepingComputer, the malicious component is part of a third-party library that the apps' developers unintentionally included in all sixty apps.
The research team at McAfee found Android malware that is capable of gathering a variety of private data, including details on the user's installed apps, WiFi and Bluetooth-connected devices, and GPS coordinates.
Some of the affected apps are:
In addition, the report claims that the malware can engage in ad fraud by secretly clicking advertisements.
The library registers the device and gets its configuration from an obscured remote server when a user launches a Goldoson-containing app.
The configuration details the data-stealing and ad-clicking activities Goldoson should perform on the infected device, as well as how often.
According to the research, the data-collection mechanism is typically set to activate every two days and send the C2 server a list of installed apps, a history of past whereabouts, the MAC addresses of devices linked via Bluetooth and WiFi, and other data.
The permissions supplied to the malicious software during installation as well as the Android version affect how much data is collected.
Although devices running Android 11 or later are better protected against arbitrary data collection, researchers discovered that Goldoson had enough rights to acquire sensitive data in 10 percent of the apps even in newer versions of the OS, the report mentioned.
"Users who installed an impacted app from Google Play can remediate the risk by applying the latest available update," BleepingComputer said in its report.
Ad revenue is generated by loading HTML code, injecting it into a tailored, hidden WebView, and then utilising that to carry out many URL requests.
The victim's device shows no evidence of this action.
Google's Threat Analysis Group shut down thousands of accounts in January that were connected to the "Dragonbridge" or "Spamouflage Dragon" group, which spread false information favourable to China on multiple platforms.
The tech giant claims that Dragonbridge purchases new Google Accounts from bulk account vendors, and that it has occasionally used accounts previously operated by financially motivated actors, repurposing them to post blogs and videos that spread misinformation.
(With IANS Inputs)