T he functionality may be abused to load ads for financial profit. The library includes the ability to load web pages without user awareness. The tags such as ‘ ads_enable ’ or ‘ collect_enable ’ indicates each functionality to work or not while other parameters define conditions and availability. Based on the parameters, t he library periodically checks, pulls device information, and send s them to the remote server s. Remote configuration contains the parameters for each of functionalities and it specifies how often it runs the components. The name Gold o son is after the first found domain name. The library name and the remote server domain varies with each application, and it is obfuscated. T he Goldoson library registers the device and gets remote configurations at the same time the app runs. Top 9 applications previously infected by Goldoson on Google Play How does it affect users? Users are encouraged to update the app s to the latest version to remove the identified threat from their devices. Some apps were removed from Google Play while others were updated by the official developers. Google has reportedly notified the developers that their apps are in violation of Google Play policies and fixes are needed to reach compliance. We reported the discovered apps to Google, which took prompt action. McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. McAfee Mobile Security detect s this threat as Android/ Gold o son and protect s customers from this and many other mobile threats. While t he malicious library was made by someone else, not the app developers, the risk to installers of the apps remains. The research team has found more than 60 applications containing this third-party malicious library, with more than 100 million downloads confirmed in the ONE store and Google Play app download markets in South Korea. Moreover, the library is armed with the functionality to perform ad fraud by clicking advertisements in the background without the user’s consent. McAfee ’s Mobile Research Team discovered a software library we’ve named Goldoson, which collects lists of applications installed, and a history of Wi-Fi and Bluetoot h devices information, including nearby GPS locations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |