This dangerous new Android malware has infiltrated apps with over 100 million installs

Samsung Galaxy S23 hands on display macro
The Google Play Store on Samsung's Galaxy S23 (Image credit: Future | Alex Walker-Todd)

In the latest example of supply chain attack shenanigans, unnamed hackers have reportedly managed to compromise 100 million Android devices with data-harvesting malware.

Cybersecurity researchers from McAfee recently discovered a third-party library that they dubbed Goldoson.

The library was added to 60 extremely popular Android apps that users can download via the Play Store and the OneStore (Play Store’s biggest competitor in South Korea). The library was malicious and collects data on installed apps, data on Wi-Fi- and Bluetooth-connected endpoints, and GPS location data.

Adware

The researchers describe Goldoson as “privacy-invasive and clicker Android adware”, as it can click on ads in the background, without the device owner’s consent. The targets are mostly South Korean, it would seem. 

Some of the most popular Android apps that fell prey to this attack are L.POINT with LPAY, Swipe Brick Breaker, and Money Manager Expense & Budget, all of which have in excess of 10 million downloads. 

Then there’s GOM Player, LIVE Score, Real-Time Score, and Pikicast, with five million downloads each, and a handful of other apps with more than a million downloads. 

The amount of data stolen from a device depends on the permissions each app has on the smartphone. According to BleepingComputer, Android 11 and newer versions are better protected against arbitrary data collection, but even in that case, McAfee found Goldoson being able to extract data in 10% of the apps. 

The researchers notified Google about their findings which, in turn, raised the question with the apps’ developers, who were told their apps now violated Google Play policies. While most developers acted promptly and updated their apps to remove the malicious content, some failed to respond. Google removed these apps from the app repository, it was said. 

Therefore, to stay safe from malicious adware and data-harvesting malware, make sure to update your apps to the latest version. If some of your apps are no longer available on the Play Store, it might be best to remove them.

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
Android phone malware
Screen reading malware found in iOS app stores for first time - and it might steal your cryptocurrency
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
mobile phone
Popular Android financial help app is actually dangerous malware
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
App stores are increasingly becoming a major security worry
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Latest in News
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI