Goldoson, a new Android malware strain, has been found in over 60 legitimate Google Play Store apps with over 100 million downloads. ONE shop, a popular South Korean third-party app marketplace, has logged eight million more installations. The rogue component, part of a third-party software library used by the apps, can collect information about installed apps, Wi-Fi and Bluetooth devices, and GPS positions.
“Furthermore, the library is armed with the functionality to execute ad fraud by clicking advertising in the background without the user’s knowledge,” McAfee security researcher SangRyol Ryu wrote last week. It can covertly load web pages, which might be used to serve adverts for profit. It drives traffic to URLs by loading HTML code in a hidden WebView.
New #malware strain, Goldoson, has been detected in over 60 #Android apps with more than 100 million downloads from the Google Play Store. Read details: https://t.co/Dtq0FQ3iAD #cybersecurity
— The Hacker News (@TheHackersNews), April 18, 2023
After responsible disclosure, 36 of the 63 problematic apps were removed from the Google Play Store. Updates removed the harmful library from the remaining 27 apps. The findings show that app developers must be clear about their software’s dependencies and protect users’ data from exploitation.
Kern Smith, Zimperium vice president of sales engineering for the Americas, said, “Attackers are growing increasingly clever in their attempts to infect otherwise legal applications across platforms.” “As attackers target the software supply chain to obtain the broadest footprint, third-party SDKs and code and their potential to insert malicious code into otherwise legitimate apps is only growing.”
Cyble revealed Chameleon, an Android banking trojan targeting Australia and Poland since January 2023. The trojan abuses Android’s accessibility services to steal credentials and cookies, log keystrokes, prevent its removal, and carry out other malicious operations, making it similar to other banking malware.
It also intercepts SMS messages, displays rogue overlays on a specific list of apps, and has unused functionality to download and execute another payload. Chameleon uses anti-emulation checks to terminate itself if the device is rooted or in a debugging environment.
How to Avoid Downloading Goldoson Malware From the Google Play Store
It’s essential to take precautionary measures to protect your device from malicious software such as Goldoson. With over 3.8 million apps available on the Google Play Store, take note of the following to stay safe while downloading apps:
- Research the App:
Before downloading any app, do your research on it. Read reviews, ratings, and comments left by other users. Check if the developer has a website and if it looks legitimate. Look for contact information and social media profiles.
- Check App Permissions:
App permissions are a vital aspect of app security. Always read the permissions requested by the app before downloading it. It could be a red flag if the app requests unnecessary permissions, such as access to your contacts, camera, or location.
- Install Anti-Malware Software:
Installing anti-malware software on your device can help protect it from potential threats. There are many anti-malware apps available on the Google Play Store that can scan and detect malicious software. Consider downloading and using one of these apps.
- Keep Your Device and Apps Updated:
It’s essential to keep your device and apps updated to ensure that they are secure. Regularly updating your device and apps can help prevent security vulnerabilities. Developers release updates to address security issues and improve app performance.
- Avoid Third-Party App Stores:
Avoid downloading apps from third-party app stores as they are not as secure as the Google Play Store. Third-party app stores may contain apps with malicious software. Stick to downloading apps from the Google Play Store.
- Don’t Download Unverified Apps:
Only download apps from verified developers. Developers who are verified have gone through a verification process to ensure their legitimacy. If an app is not verified, it could be a red flag.
- Be Cautious of Pop-Ups:
Avoid clicking on pop-ups or ads that claim to offer free apps or rewards. These pop-ups may contain malicious software that can harm your device.
- Use Two-Factor Authentication:
Enable two-factor authentication for your Google account. Two-factor authentication protects your account from hackers.
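The permission check recommended in the list above can be automated against a decoded AndroidManifest.xml. This is an added example, not code from the original article or from McAfee; the sample manifest is constructed, and the mapping from the data categories the article names (installed apps, Wi-Fi, Bluetooth, GPS) to Android permission names is an assumption made for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by decoded Android manifests.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping: data categories named in the article -> permissions that
# gate access to them. A match is a prompt for review, not proof of malware.
SENSITIVE = {
    "installed apps": {P + "QUERY_ALL_PACKAGES"},
    "Wi-Fi": {P + "ACCESS_WIFI_STATE"},
    "Bluetooth": {P + "BLUETOOTH", P + "BLUETOOTH_SCAN", P + "BLUETOOTH_CONNECT"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
}

def requested_permissions(manifest_xml):
    """Return every permission name the manifest requests.

    A built app's manifest also carries permissions contributed by bundled
    third-party libraries, which is why it is the right thing to audit."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, expected_categories=()):
    """Map each sensitive category the app can reach, but that its stated
    purpose does not explain, to the permissions that grant it."""
    perms = requested_permissions(manifest_xml)
    findings = {}
    for category, names in SENSITIVE.items():
        hits = sorted(perms & names)
        if hits and category not in expected_categories:
            findings[category] = hits
    return findings

# Constructed sample: a flashlight app has no obvious need for any of these.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.BLUETOOTH_SCAN"/>
  <application android:label="Flashlight"/>
</manifest>"""

if __name__ == "__main__":
    for category, hits in audit(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(hits)}")
```

Passing `expected_categories=("location",)` for a navigation app, for example, suppresses the location finding while still reporting the others.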
Conclusion
Users should only download apps from reputable sources, check app permissions, use strong passwords, activate multi-factor authentication, and be wary of unsolicited SMS and emails.