San Francisco: A new Android malware named Goldoson has made its way into Google Play and has been detected in 60 apps with 100 million downloads. As BleepingComputer reports, the malicious component has been integrated into a third-party library that developers inadvertently included in all sixty apps. The Endyou malware, discovered by the research team, is capable of collecting a range of sensitive data, including information on a user’s installed apps, Wi-Fi and Bluetooth connected devices, and GPS locations.
Additionally, it can commit ad fraud by clicking on ads in the background without the user’s consent. When a user runs an app containing Goldoson, the library registers the device and receives its configuration from a spoofed remote server. The configuration specifies which data-stealing and ad-clicking functions Goldoson should perform on the infected device, and how often.
Furthermore, the report states that the data collection mechanism is usually set to activate every two days, collecting the list of installed apps, geolocation history, MAC addresses of devices connected via Bluetooth and WiFi, and other information, and transmitting it to the C2 server. The amount of data collected is determined by the permissions granted to the infected app during installation as well as the Android version.
Although Android 11 and later are better protected against arbitrary data collection, the researchers found that Goldoson had sufficient rights to acquire sensitive data in 10 percent of apps, even in newer versions of the OS, as noted in the report. Ad revenue is generated by loading HTML code and injecting it into a customized, hidden WebView, which is then used to perform multiple URL visits.
There is no indication of this action on the victim’s device.
In January, Google’s Threat Analysis Group terminated thousands of accounts linked to a group called DragonBridge, or Spamouflage Dragon, that disseminated pro-Chinese disinformation on various platforms. According to the tech giant, DragonBridge gets new Google accounts from wholesale account sellers, and has sometimes even used accounts previously used by financially motivated actors to post misinformation videos and blogs.