The cybersecurity company McAfee has analyzed Google Play and has discovered malicious software with the ability to collect data from infected devices, affecting 60 applications from the Google store. These have been downloaded more than 100 million times before the news was released and, thanks to the company's report, the American technology giant has already begun to remove some of these affected apps from its store.
McAfee found a library of third-party software, which it has named Goldoson. It is a dangerous element since, as the company details, "it collects lists of installed applications and a history of information from Wi-Fi and Bluetooth devices, including nearby GPS locations."
This Goldoson library, in addition to accessing this private information, has the functionality to commit advertising fraud integrated. This major malware can do so by clicking on ads in the background, without the user being aware of what is happening. Loads the HTML code and injects it into a custom, hidden WebView.
The cybersecurity company points out in its report that "Google Play considers the list of installed applications to be the user's personal and confidential data and requires a special permission statement to obtain it." Thus, they point out that users with "Android 11 and higher are most protected” of these applications, although in the most recent version McAfee has found “about 10% of applications with Goldoson have the 'QUERY_ALL_PACKAGES' permission that allows them to access application information”.
Affected apps include: L.Point with L.Pay, Swipe Brick Breaker, Money Manager Expense
