Goldoson Android Malware Target Korean Users Via Legit Apps

Researchers have spotted a new Android malware “Goldoson” actively targeting users in South Korea via legit apps. The malware-infected apps garnered over 100 million downloads before the malware caught attention. Android users must review the apps installed on their devices to ensure not running any malicious apps, especially those spreading

Goldoson Android Malware

Goldoson Android Malware Found Running Active Campaigns

According to a recent report from McAfee, their researchers have found a new Android malware that ruined numerous legit apps.

Identified as “Goldoson,” the malware is actually a malicious library that sneakily infected the apps, generating malicious app updates, to reach users’ devices. (Though, it remains unclear if the threat actors deliberately deployed the apps via different author accounts to leave no link between the apps and the malware, or if the app developers themselves had fallen victim to the threat.)

Briefly, McAfee researchers observed Goldoson executing various malicious functionalities, such as stealing device information, logging GPS locations, and tracking Bluetooth and WiFi-connected devices’ history. The malware keeps sending the collected data to the C&C to receive further commands. Also, Goldoson executes ad fraud by running malicious apps in the background.

When detected, McAfee noticed the Goldoson campaign had targeted millions of users. Specifically, they found around 60 different apps on the Google Play Store running the malicious library. Together, these apps boasted over 100 million downloads hinting at the exceptionally high number of victims of this malware.

Besides, the campaign seems typically aimed at South Korean users, where it also garnered over 8 million downloads via malicious apps on ONE store – a popular Korean app store.

Upon detecting this campaign, the researchers notified Google about it, following which, the tech giant addressed the matter. Hence now, the researchers confirmed numerous malicious apps to have been removed from the Play Store. Whereas some other apps’ developers rolled out clean updates for the users.

The researchers have shared the list of all apps and malicious domains in their report. So now, users must review the list to ensure their devices are not running any of those apps.

Attribution link