Unfortunately, 2023 isn’t the year that we’re going to stop finding malware on the Google Play store. Last week, McAfee’s Mobile Research Team shared a list of more than 60 Android apps containing a malicious software library which it named Goldoson. Altogether, the infected apps have accumulated over 100 million downloads between them.
Delete these infected Android apps ASAP
As McAfee’s research team explains, the developers unknowingly added a malicious software library to their apps capable of collecting lists of installed apps, a history of WiFi and Bluetooth connections, and nearby GPS locations. Goldoson can also perform ad fraud by clicking ads in the background without the user’s knowledge or consent.
Once an app containing Goldoson is opened, the library registers the device and receives its configuration from a remote server. After the library is configured, it will start to pull information from the device and send it to the server. Goldoson is also capable of covertly visiting sites on its own to load and click on ads for financial gain.
McAfee, a member of the App Defense Alliance, reported the apps to Google, which promptly notified the developers that their mobile apps were in violation of Google Play policies. Some developers updated their apps to remove the malicious library, but those that didn’t have had their apps removed from the app store until they can comply.
Here are some of the most popular apps on the list that have been removed from the store:
- Swipe Brick Breaker | 10M+ downloads
- Pikicast | 5M+ downloads
- Compass 9: Smart Compass | 1M+ downloads
- Bounce Brick Breaker | 1M+ downloads
- SomNote – Beautiful note app | 1M+ downloads
- UBhind: Mobile Tracker Manager | 1M+ downloads
Be sure to visit the blog post to see the full list of apps. These apps are clearly targeted at a South Korean audience, but given how popular they all are, there’s a chance that one or two found their way onto your phone. Better safe than sorry.