Key Takeaways
What is Goldoson?
McAfee recently reported on a privacy-invasive and clicker adware called Goldoson, found in several popular Android apps in South Korea. It is present in the apps due to being part of a third-party library. The adware's primary objective is to generate revenue for its creators using fraudulent recursive visits to hidden ads on the infected device.
McAfee researchers found that the adware is integrated into legitimate apps, which, once downloaded, request excessive permissions from users. These permissions include the ability to access SMS messages, call logs, and device information. In some cases, the adware was found to open web pages in the background without the user's knowledge, which can lead to a significant drain on the device's battery life.
McAfee researchers identified more than 60 popular apps in South Korea infected with Goldoson, including a popular mobile game with over 10 million downloads. The adware is believed to have infected tens of thousands of devices in South Korea. However, it is possible the adware could spread to other countries if the infected apps are downloaded from third-party app stores.
Goldoson highlights the threats posed by third-party libraries that may be used by developers of legitimate apps, who are unaware of their potentially malicious nature. Goldoson also highlights the threats posed by adware and the need for users to be cautious when downloading apps. To minimize the risk of adware and other potentially unwanted programs, only download apps from official app stores and carefully review the permissions requested by the app before installing it.
IOCs
PolySwarm is currently monitoring for samples of Goldoson.
You can use the following CLI command to search for all Goldoson samples in our portal as they become available:
$ polyswarm link list -f Goldoson
Don’t have a PolySwarm account? Go here to sign up for a free Community plan or to subscribe.
Contact us at hivemind@polyswarm.io | Check out our blog | Subscribe to our reports