Goldoson is a new malicious software library that harvests the list of apps installed on a mobile device to run an ad fraud campaign. Researchers discovered that the software could also gather private data to increase the attack’s efficiency.
The malicious campaign has compromised over 60 legitimate apps with over 100 million downloads in South Korea.
The Goldoson Library orchestrates a click-ad fraud with extortion tactics.
According to investigations, apps infected with the Goldoson library profit from click-ad fraud at the expense of the device owners’ privacy.
The researchers explained that the library loads HTML web pages on the infected device and injects them into a hidden, specially crafted WebView that the user cannot see. This strategy allowed the campaign to maintain traffic to the affiliate websites without the user’s consent.
The library gathers the list of installed apps, GPS locations, and the history and MAC addresses of recent Bluetooth and Wi-Fi connections. The campaign then sends the data to an attacker-controlled server once every two days.
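A bundled library runs with the permissions of the app that embeds it, so one way to triage an app inventory is to check which of the data categories above each app's manifest could expose. The following is an added example, not code from the researchers or from the library; the permission-to-category mapping, the function names and the sample manifests are assumptions constructed for illustration, and the input is a decoded (text) AndroidManifest.xml.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the article): data category -> permissions gating it.
# On Android 10 and earlier the installed-app list needs no permission at all.
CATEGORY_PERMISSIONS = {
    "installed app list": {"android.permission.QUERY_ALL_PACKAGES"},
    "GPS location": {"android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.ACCESS_COARSE_LOCATION"},
    "Bluetooth history": {"android.permission.BLUETOOTH",
                          "android.permission.BLUETOOTH_CONNECT",
                          "android.permission.BLUETOOTH_SCAN"},
    "Wi-Fi history": {"android.permission.ACCESS_WIFI_STATE"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for el in root.iter() if el.tag in tags)
    return {n for n in names if n}

def exposure(manifest_xml):
    """Map each data category to the declared permissions that unlock it."""
    perms = requested_permissions(manifest_xml)
    return {cat: sorted(perms & gate)
            for cat, gate in CATEGORY_PERMISSIONS.items() if perms & gate}

def needs_review(manifest_xml, threshold=3):
    """Flag apps whose embedded SDKs could reach most of the listed categories."""
    return len(exposure(manifest_xml)) >= threshold

# Constructed sample manifests (not taken from any real app).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
_PERM = '<uses-permission android:name="android.permission.{}"/>'

def make_manifest(*perms):
    return _HEAD + "".join(_PERM.format(p) for p in perms) + "</manifest>"

SAMPLE_BROAD = make_manifest("INTERNET", "QUERY_ALL_PACKAGES",
                             "ACCESS_FINE_LOCATION", "BLUETOOTH_CONNECT",
                             "ACCESS_WIFI_STATE")
SAMPLE_NARROW = make_manifest("INTERNET", "ACCESS_WIFI_STATE")

if __name__ == "__main__":
    for label, doc in (("broad", SAMPLE_BROAD), ("narrow", SAMPLE_NARROW)):
        print(label, needs_review(doc), exposure(doc))
```

A flagged app is not necessarily infected; the result only shows how much a third-party SDK inside it could collect, which helps prioritise which apps to inspect or have their permissions trimmed.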
The compromised apps are available on a South Korean app store and Google Play. The former accounted for about eight million downloads.
The threat actor obfuscates the name of the library and the remote server in each infected application. When a malicious application starts running, Goldoson could register the compromised device and generate the remote configuration for its operators.
Additionally, the remote configuration for the infected apps includes the values for specific parameters, such as the duration and count of ads, interim delays, and how often the components would operate.
These parameters also show that the library could scan the device, gather information, and exfiltrate it to a remote server.
The Goldoson library and its associated apps are examples of the growing number of threats that could impact mobile devices and applications within legitimate app stores. Users should therefore be vigilant when downloading applications and avoid downloading unnecessary apps, especially ones that do not have good reviews.
