Skip to main content

Goldoson Malware: McAfee’s Mobile Research
Team Uncovers New Malware in Over 60 Apps

Melissa Gaffney | April 26, 2023

Melissa Gaffney

April 26, 2023

In the digital age, our smartphones have become our lifelines, storing everything from our contacts to our calendars, to our personal information. While we rely heavily on our mobile devices, we often forget about the security risks that come along with them. McAfee’s Mobile Research Team recently made a discovery that found millions of South Korean app users that could be at risk. They uncovered a malicious software library they dubbed Goldoson that was present in over 60 apps in the ONE store and Google Play with more than 100 million confirmed downloads, that can collect user data and perform ad fraud.

To understand the potential threat of Goldoson, let us first dissect what the library does. When installed in an app, Goldoson can collect a user’s list of installed applications and log the history of Wi-Fi and Bluetooth devices, including GPS locations. This can be done in the background without the user’s knowledge or consent. What’s more concerning is that Goldoson also has the capability to perform ad fraud, which means it can automatically click on advertisements running in the background of an app without the user’s knowledge or consent. This ad fraud can cause financial damage to both the app developers and the advertisers.

According to McAfee’s Mobile Research Team, this malicious library was not made by the app developers but was rather inserted by a third-party. This means that while users may have trusted the official developer, their personal data could be harvested by other entities. Per the McAfee blog their team “reported the discovered apps to Google, which took prompt action. Google has reportedly notified the developers that their apps are in violation of Google Play policies and fixes are needed to reach compliance. Some apps were removed from Google Play while others were updated by the official developers. Users are encouraged to update the apps to the latest version to remove the identified threat from their devices.”

Goldoson highlights the risk that users unknowingly take when downloading apps. It’s important to note that while this specific case happened in South Korea, it can be a potential threat to all users globally. The fact that a single malicious library can have such a wide reach is concerning and calls for improved security measures for app developers and users alike.

To combat the threat of malicious libraries like Goldoson, mobile developers must be vigilant in ensuring their apps are free from harmful third-party libraries. Additionally, third-party libraries should only be integrated after thorough screening to ensure they are not malicious. Users should adopt a cautious approach when downloading and using apps, ensuring they only download from trusted sources like official app stores. By using Q-Scout, end-users can determine which apps are vulnerable to security events, which permissions expose them to data leaks, which data is being collected and where it is being sent, and more. Q-Scout’s patented proactive remediation engine takes practical and easy steps to mitigate risks, keeping users safe, happy, and secure in today’s complex digital world. Lastly, it is advisable to read reviews and privacy disclosures on the app before downloading. It’s also recommended for developers to scan their mobile apps with Q-MAST so you can detect and block malicious libraries.

The discovery of the Goldoson library is a wake-up call for both app developers and users to take security threats seriously. Data breaches can be devastating not only for the users but also for the app developers and advertisers. It’s essential that users are empowered with knowledge and adopt a cautious approach when downloading apps and we should all work towards a safer digital landscape.

Leave a Reply

Close Menu