There have been multiple instances in the past where attackers hosted malicious mobile apps or infected genuine apps with malicious functionality. Such apps lure victims by listing features that victims will find attractive, by posing as fake versions of popular apps, or by infecting popular applications with malicious functionality through a vulnerability in the app itself or in vulnerable third-party libraries.
Recently, McAfee's Mobile Research Team claims to have found more than 60 applications containing a malicious third-party library named Goldoson, targeting the South Korean market (users in India need not worry). These apps have more than 100 million downloads confirmed in the ONE store and Google Play.
There have also been earlier instances of malicious applications and of vulnerable third-party libraries.
Details
The software library collects lists of installed apps and a history of Wi-Fi and Bluetooth device information, including nearby GPS locations. It can also perform ad fraud by clicking advertisements in the background without the user's consent.
The Goldoson library registers the device and fetches remote configurations at the same time the app runs. The library name and the remote server domain vary with each app (a technique called domain generation algorithm (DGA)) and are obfuscated.
Google has removed the apps after they were reported by McAfee Mobile Security. However, there could be many more apps relying on malicious libraries. Some apps were removed from Google Play while others were updated by the official developers.
Recommendation
It is important that Android smartphone users who have these apps on their phones delete the malicious apps.
Users are encouraged to update their apps to the latest version to remove the identified threat from their devices.
Review the app details, number of downloads, user reviews, comments and "ADDITIONAL INFORMATION" section.
Verify app permissions and grant only those which have relevant context for the app's purpose.
Install regular Android updates and patches.
Don't browse untrusted websites or follow untrusted links, and exercise caution before clicking on links provided in unsolicited emails and SMS messages.
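One way to carry out the permission review recommended above, as an added example that is not from the original article or from McAfee's report: the Python script below parses permission listings in the `aapt dump permissions` text format and reports which of the data categories named under Details (installed apps, Wi-Fi, Bluetooth, location) an app can reach beyond what its purpose explains. The package names, the sample listings, and the permission-to-category mapping are assumptions constructed for illustration.

```python
import re

# Android permissions that gate the data categories listed under Details.
# The mapping is added for this example; it is not taken from the article.
CATEGORY_PERMISSIONS = {
    "installed apps": {"android.permission.QUERY_ALL_PACKAGES"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "wifi": {"android.permission.ACCESS_WIFI_STATE"},
    "bluetooth": {"android.permission.BLUETOOTH",
                  "android.permission.BLUETOOTH_SCAN",
                  "android.permission.BLUETOOTH_CONNECT"},
}
# Matches both "uses-permission:" and "uses-permission-sdk-23:" lines.
PERM_LINE = re.compile(r"^\s*uses-permission(?:-sdk-23)?:\s*name='([^']+)'")

def parse_permissions(aapt_output):
    """Return the set of permission names declared in the listing."""
    matches = (PERM_LINE.match(line) for line in aapt_output.splitlines())
    return {m.group(1) for m in matches if m}

def reachable_categories(perms):
    """Data categories the app (and every library inside it) can access."""
    return sorted(c for c, needed in CATEGORY_PERMISSIONS.items() if perms & needed)

def needs_review(perms, expected_categories):
    """Categories the app can reach that its stated purpose does not explain."""
    return [c for c in reachable_categories(perms) if c not in expected_categories]

# Constructed sample listings (hypothetical packages, not real apps).
SAMPLE_FLASHLIGHT = """package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.QUERY_ALL_PACKAGES'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: name='android.permission.BLUETOOTH' maxSdkVersion='30'
uses-permission-sdk-23: name='android.permission.BLUETOOTH_SCAN'
"""
SAMPLE_MAPS = """package: com.example.maps
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""

if __name__ == "__main__":
    # Second tuple element: categories the app's purpose plausibly justifies.
    for text, expected in [(SAMPLE_FLASHLIGHT, set()), (SAMPLE_MAPS, {"location"})]:
        package = text.splitlines()[0].split(": ", 1)[1]
        print(package, "->", needs_review(parse_permissions(text), expected) or "ok")
```

Permissions declared by an embedded library are merged into the host app's manifest, so the listing reflects what any third-party code inside the app can reach, not only the developer's own code.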
Reference
https://m.timesofindia.com/gadgets-news/malware-found-in-60-android-apps-with-100-million-downloads-but-why-users-in-india-are-safe/amp_articleshow/99550425.cms