
New Android malware strain named Goldoson detected in Google Play Store

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.

The rogue component is part of a third-party software library used by the apps in question and is capable of gathering information about installed apps, Wi-Fi and Bluetooth-connected devices, and GPS locations.

"Moreover, the library is armed with the functionality to perform ad fraud by clicking advertisements in the background without the user's consent," McAfee security researcher SangRyol Ryu said in a report published last week.

What's more, it includes the ability to stealthily load web pages, a feature that could be abused to load ads for financial profit. It achieves this by loading HTML code in a hidden WebView and driving traffic to the URLs.

Following responsible disclosure to Google, 36 of the 63 offending apps have been pulled from the Google Play Store. The remaining 27 apps have been updated to remove the malicious library.

Some of the prominent apps include -

The findings highlight the need for app developers to be transparent about the dependencies used in their software, not to mention take adequate steps to safeguard users' information against such abuse.

The findings of the McAfee report are concerning, to say the least. Over 100 million people have downloaded the apps that contain the Goldoson malware, and it has the potential to do a lot of damage. The good news is that Google has been notified and has taken action, but this is a good reminder to be careful when downloading apps. Always research an app before downloading it, and make sure to read the reviews. If something seems fishy, it probably is.

In this case, it would have been obvious that something was wrong if the app developers had been transparent about the dependencies they were using. So, this is also a good reminder to only download apps from developers that you trust.

