Goldoson Infiltrates Google Play – Official Isn’t Necessarily Safe

Android users have always faced the dilemma of where to get their apps. Unofficial sources tend to host malware, but what if the Google Play Store itself is no different? It happened before, and it’s happening again – 60 apps on Google Play Store hosted the Goldoson malware.


The bigger problem doesn’t lie in the infiltration itself; it’s how the malware got there. Developers unknowingly added a third-party library containing the malware to their apps, and unfortunately, those apps have amassed more than 100 million installations.

The malware has a lot of capabilities, and none of them is pleasant. What is this huge breach all about? How does Goldoson operate? Find out in the following article.

Goldoson Lurks Freely – Apps with 100 Million Downloads

Android users had their fair share of malware infiltration back in 2022. Google Play Store itself saw a lot of such incidents throughout the year as multiple malware families spread through apps within the Android Store’s library.

Whether it’s Sharkbot or Xenomorph, Android users had a really tough year. However, this year doesn’t seem to be any different.

So what’s up with Goldoson? As we mentioned, the malware is part of a third-party library that developers added to their apps without knowing the malicious code was inside it.

According to the report by McAfee, Goldoson can perform several malicious practices once it takes root within a device. It can collect data on installed apps, WiFi and Bluetooth-connected devices, and the user’s GPS locations.

Not only that, but it can also work some malicious magic in the background. Goldoson can commit ad fraud by clicking ads in the background without the user’s knowledge or consent, making it a very dangerous piece of malware to host on a device.

Here’s how everything takes place. Once the user downloads one of the infected apps and launches it, the device gets registered and configured on a remote server with an obfuscated domain.

That configuration sets the parameters that determine which ad-clicking and data-harvesting functions the malware will run on the infected device.

To sum up, these are some of the 60 applications in question:

  • L.POINT with L.PAY – 10 million+
  • Swipe Brick Breaker – 10 million+
  • Money Manager Expense & Budget – 10 million+
  • TMAP – 대리,주차,전기차 충전,킥보 – 10 million+
  • 롯데시네마 – 10 million+
  • 지니뮤직 – genie – 10 million+
  • 컬쳐랜드[컬쳐캐쉬] – 5 million+
  • GOM Player – 5 million downloads
  • LIVE Score, Real-Time Score – 5 million downloads
  • Pikicast – 5 million downloads
  • Compass 9: Smart Compass – 1 million downloads
  • GOM Audio – Music, Sync lyrics – 1 million downloads
  • LOTTE WORLD Magicpass – 1 million downloads
  • Bounce Brick Breaker – 1 million downloads
  • Infinite Slice – 1 million downloads
  • SomNote – Beautiful note app – 1 million downloads
  • Korea Subway Info: Metroid – 1 million downloads

The list provided above is merely a small part of the actual number of infected applications. To check every single app hosting the Goldoson malware, you can give McAfee’s report a thorough read.

Google Play Store At It Again – More Malware in Official Sources

When we speak about Android devices, security comes to mind first. The devices allow you to download anything, regardless of the source. However, security-savvy individuals always rely on Google Play Store as it’s the trusted library for downloads.

Cybercriminals prey on that trust, and as they upgrade their techniques, they’re infiltrating the store in several ways, leaving everyone NOT SAFE.

Whenever you download an app, make sure to read the reviews section. That way, you’ll learn from previous experiences before you fall into this predicament as they did.
