If user allows the location permission, the app can access not only GPS data but also Wi-Fi and Bluetooth device information nearby. Likewise, with Android 6.0 or higher, users may be asked for permission s such as Location, Storage, or Camera at runtime. However, even with the recent version of Androi d, we found that around 10% of the apps with Goldoson have the permission “QUERY_ALL_PACKAGES” that allows them to access app information. U sers with Android 11 and above are more protected against apps attempting to gather all installed apps. Google Play considers the list of installed apps to be personal and sensitive user data and require s a special permission declaration to get it. The following tables show t he data observed on our test device. This may allow individuals to be identified when the data is combined. The information contains some sensitive data including the list of installed application s, location history, MAC address of Bluetooth and Wi-Fi nearby, and more. Pages loaded without user perceptionĬ ollected data is sent out periodically every two days but the cycle is subject to change by the remote configuration. Technically, the library loads HTML code and injects it in to a customized and hidden WebView and it produces hidden traffic by visiting the URLs recursively. T he functionality may be abused to load ads for financial profit. The library includes the ability to load web pages without user awareness. The tags such as ‘ ads_enable ’ or ‘ collect_enable ’ indicates each functionality to work or not while other parameters define conditions and availability. Based on the parameters, t he library periodically checks, pulls device information, and send s them to the remote server s. Remote configuration contains the parameters for each of functionalities and it specifies how often it runs the components. The name Gold o son is after the first found domain name. The library name and the remote server domain varies with each application, and it is obfuscated. T he Goldoson library registers the device and gets remote configurations at the same time the app runs. Top 9 applications previously infected by Goldoson on Google Play How does it affect users? Users are encouraged to update the app s to the latest version to remove the identified threat from their devices. Some apps were removed from Google Play while others were updated by the official developers. Google has reportedly notified the developers that their apps are in violation of Google Play policies and fixes are needed to reach compliance. We reported the discovered apps to Google, which took prompt action. McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. McAfee Mobile Security detect s this threat as Android/ Gold o son and protect s customers from this and many other mobile threats. While t he malicious library was made by someone else, not the app developers, the risk to installers of the apps remains. The research team has found more than 60 applications containing this third-party malicious library, with more than 100 million downloads confirmed in the ONE store and Google Play app download markets in South Korea. Moreover, the library is armed with the functionality to perform ad fraud by clicking advertisements in the background without the user’s consent. ・Control GOM Media Player playback speed, aspect ratio, toggle subtitles on/off, and change the subtitle size.McAfee ’s Mobile Research Team discovered a software library we’ve named Goldoson, which collects lists of applications installed, and a history of Wi-Fi and Bluetoot h devices information, including nearby GPS locations. ・Browse and open files in GOM Media Player and GOM Audio via the EasyBrowser ・Basic playback controls for GOM Media Player and GOM Audio like PLAY / STOP / PAUSE / FFW / RWD / Volume Level / Mute / Next File / Previous File ・Launch GOM Media Player, GOM Audio, and PowerPoint * In order to use GOM Remote, GOM Tray must be installed on your Windows PC. Unauthorized users will not be able to connect to your PC via GOM Remote without having access to your PC directly. GOM Remote connects to your PC via the GOM Tray application, which ensures that your connection is secure, and that only one device can be connected at a time. Great for watching movies on your PC without leaving your couch, or controlling your music during a party without having to run to your desk. GOM Remote is a completely free App that allows you to wirelessly connect your Android devices to your PC and remotely control GOM Media Player, GOM Audio, and PowerPoint.
0 Comments
Leave a Reply. |