In case you missed it, the McAfee Mobile Research Team (MMRT) revealed last week that it discovered more than 60 legitimate Google Play apps infected with a new Android malware called "Goldoson."
MMRT made it clear that this malware was not made by the developers of the infected apps. Instead, it's a malicious third-party library the developers used, but it's unclear whether they knowingly — with ill intent — injected Goldoson into their apps.
What does Goldoson do?
If an unwitting victim downloads a Goldoson-infested app, their personal and sensitive data is at risk. Once the victim grants the malicious app certain permissions, the app can grab the following information:
- Sensitive data from the victim's installed apps
- Location history
- MAC addresses of nearby Bluetooth and Wi-Fi devices
- GPS data
McAfee researchers suggested that the Wi-Fi and Bluetooth device information is actually far more alarming than the GPS data. With this data, cybercriminals can obtain the Basic Service Set Identifier (BSSID) and Received Signal Strength Indicator (RSSI) of nearby networks.
"Based on BSSID and RSSI, the application can determine the location of the device more accurately than GPS, especially indoors," MMRT warned.
MMRT added that users with Android 11 or higher are better protected against Goldoson-infected apps attempting to gather data from victims' installed apps, but even that protection is not foolproof. "With the recent version of Android, we found that around 10% of the apps with Goldoson have the permission 'QUERY_ALL_PACKAGES' that allows them to access app information," the McAfee report said.
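As an added example (not code from McAfee's report or from any of the apps), this Python script triages a decoded AndroidManifest.xml for the permission mix described above. The permission grouping, package names and sample manifests are constructed assumptions; it also flags apps that target an API level below 30, because Android's package-visibility filtering only applies to apps targeting Android 11 (API 30) or higher.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
P = "android.permission."
# Permission groups for the data categories the article lists
# (the grouping is this example's assumption, not McAfee's).
CATEGORIES = {
    "installed apps": {P + "QUERY_ALL_PACKAGES"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "nearby Wi-Fi/Bluetooth": {P + "ACCESS_WIFI_STATE", P + "BLUETOOTH_SCAN",
                               P + "BLUETOOTH", P + "BLUETOOTH_ADMIN"},
}

def audit_manifest(xml_text):
    """Report which data categories a decoded AndroidManifest.xml can reach."""
    root = ET.fromstring(xml_text)
    declared = {el.get(A + "name") for el in root.iter("uses-permission")}
    sdk = root.find("uses-sdk")
    raw = sdk.get(A + "targetSdkVersion") if sdk is not None else None
    target = int(raw) if raw and raw.isdigit() else None
    findings = {c: sorted(p & declared) for c, p in CATEGORIES.items() if p & declared}
    # Apps targeting API < 30 are not subject to package-visibility filtering,
    # so they can list installed apps without QUERY_ALL_PACKAGES.
    if target is not None and target < 30:
        findings.setdefault("installed apps", []).append("targetSdkVersion < 30")
    return {"package": root.get("package"), "target_sdk": target,
            "findings": findings,
            "needs_review": set(findings) == set(CATEGORIES)}

def build_manifest(package, target_sdk, perms):
    """Build a minimal text manifest for the constructed samples below."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{A[1:-1]}" package="{package}">'
            f'<uses-sdk android:targetSdkVersion="{target_sdk}"/>{uses}</manifest>')

# Constructed sample manifests (hypothetical package names, not real apps).
SAMPLES = [
    build_manifest("com.example.flagged", 33,
                   ["INTERNET", "QUERY_ALL_PACKAGES", "ACCESS_FINE_LOCATION",
                    "BLUETOOTH_SCAN", "ACCESS_WIFI_STATE"]),
    build_manifest("com.example.legacy", 29,
                   ["INTERNET", "ACCESS_COARSE_LOCATION", "BLUETOOTH"]),
    build_manifest("com.example.notes", 33, ["INTERNET"]),
]

if __name__ == "__main__":
    for m in SAMPLES:
        r = audit_manifest(m)
        print(r["package"], r["target_sdk"],
              "REVIEW" if r["needs_review"] else "ok", r["findings"])
```

A match is a triage signal, not proof of Goldoson: many legitimate apps request the same permissions.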
Which apps were caught with Goldoson malware?
Nearly half of the discovered malware-infected Android apps amassed more than one million installs; five have more than 10 million downloads. Collectively, all 60+ malicious applications attracted more than 100 million installs.
McAfee said that these apps mainly targeted the Korean Google Play app market. Check out the list below to see if you've got any of them on your device.
- L.POINT with L.PAY - 10 million+ downloads
- Swipe Brick Breaker - 10 million+ downloads
- Money Manager Expense & Budget - 10 million+ downloads
- GOM player - 5 million+ downloads
- LIVE Score, Real-Time Score - 5 million+ downloads
- Compass 9: Smart Compass - 1 million+ downloads
- GOM Audio - Music, Sync lyrics - 1 million+ downloads
- LOTTE WORLD Magicpass - 1 million+ downloads
- Bounce Brick Breaker - 1 million+ downloads
- Infinite Slice - 1 million+ downloads
- SamNote - Beautiful note app - 1 million+ downloads
- Korea Subway Info: Metroid - 1 million+ downloads
- UBhind: Mobile Tracker Manager - 1 million+ downloads
McAfee said Google was notified about the listed apps and worked quickly to rectify the issue. Keep in mind, though, that not every app was removed. Some have been updated so that they no longer contain the malicious library. However, we'd recommend deleting the app altogether.
MMRT boasts that its McAfee Mobile Security service is the best detector of the Goldoson threat on Android phones and removes it promptly.