A new Android malware named 'Goldoson' has infiltrated Google Play through 60 legitimate apps that collectively have 100 million downloads.
The malicious malware component is part of a third-party library used by all sixty apps that the developers unknowingly added to their apps.
Some of the impacted apps are:
- L.POINT with L.PAY - 10 million downloads
- Swipe Brick Breaker - 10 million downloads
- Money Manager Expense & Budget - 10 million downloads
- GOM Player - 5 million downloads
- LIVE Score, Real-Time Score - 5 million downloads
- Pikicast - 5 million downloads
- Compass 9: Smart Compass - 1 million downloads
- GOM Audio - Music, Sync lyrics - 1 million downloads
- LOTTE WORLD Magicpass - 1 million downloads
- Bounce Brick Breaker - 1 million downloads
- Infinite Slice - 1 million downloads
- SomNote - Beautiful note app - 1 million downloads
- Korea Subway Info: Metroid - 1 million downloads
According to
McAfee's research team, which discovered Goldoson, the malware can collect data on installed apps, WiFi and Bluetooth-connected devices, and the user's GPS locations.
Additionally, it can perform ad fraud by clicking ads in the background without the user's consent.
