Cybersecurity experts discovered a new type of malware that infiltrated legitimate apps on the Google Play Store and ONE store, and it collects data on installed apps, a history of Wi-Fi and Bluetooth-connected devices and a user’s GPS locations.
Reported by McAfee’s Mobile Research Team, the Goldoson malware made its way onto 63 applications with over 100 million downloads overall on Google Play. The malicious software library can also load pages right under the user’s nose, which can be used to click advertisements in the background for threat actors to make a profit – the main benefit of adware.
The Goldoson software library registers the device once an infected app in launched, and gets remote configurations when the app is running from a remote server, with its domain being unclear. The Android malware sends collected data every two days, including sensitive information such as location history, MAC address of Bluetooth and Wi-Fi nearby and more.
The report confirms that devices running Android 11 and above are better protected from the info-stealing malware, as the OS is more aware of suspicious apps gathering data on installed apps. Still, researchers claim 10% of apps with Goldonson can still get access to app data even with that latest version of Android.
McAfee reached out to Google about the infected apps. The tech giant alerted developers of the malware occupying their apps, stating that fixes are needed otherwise apps will be removed from Google Play. Many developers have updated their apps to remove the Goldonson malware, but some apps have been removed.
Here’s a list of the most popular apps and their status.
| Name of app | Google Play downloads | Status |
| L.POINT with L.PAY | 10 million+ | Updated |
| Swipe Brick Breaker | 10 million+ | Removed |
| Money Manager Expense & Budget | 10 million+ | Updated |
| GOM Player | 5 million+ | Updated |
| LIVE Score, Real-Time Score | 5 million+ | Updated |
| Pikicast | 5 million+ | Removed |
| Compass 9: Smart Compass | 1 million+ | Removed |
| GOM Audio – Music, Sync lyrics | 1 million+ | Updated |
| Bounce Brick Breaker | 1 million+ | Removed |
| Infinite Slice | 1 million+ | Removed |
How to remove Goldonson malware on Android
With the amount of downloads these apps have, users with these apps should either update the apps on their Android device in order to remove the malware, or delete the app if it has been removed on the Google Play Store.
The ONE store, a third-party Android app store in South Korea, also has apps infected by the malware. Apps from third-party app stores are at risk of not being updated or removed. If you download apps from these platforms, you should remove them.
Here’s a way to get rid of dangerous apps on your Android device safely. For more ways, check out our guide on how to remove malware on Android.
Safely remove an app on Android
- On your Android, press the necessary buttons to turn off your device.
- Tap and hold the Power off icon.
- Press OK to reboot to safe mode. This will restart your device.
- Once restarted, head to Settings.
- Navigate to Apps.
- Select any suspicious apps you wish to remove.
- Tap Uninstall. Restart your device to go back to normal mode.
Clear cache on Android
Clearing your browser and app cache on your Android device will help minimize the effects of malware. Apps and browsers store your online activities, and malicious software like adware can use this to cause more harm. Clearing cache can also help clear up space on your Android, boosting the device’s performance.
- To clear app cache, head to Settings on your Android.
- Select Storage and choose Apps.
- Select an app.
- Tap Clear cache.
Many Android owners use Google Chrome as their default browser. Here’s how to clear cache in Chrome on Android.
- On your Android, open Chrome.
- Tap the three vertical dots in the upper-right corner.
- Select Settings.
- Tap Privacy and security.
- Select Clear browsing data.
- To just clear cache, uncheck Browsing history and Cookies and site data.
- Tap Clear data.
Use antivirus software to protect your device
Simply put, the best way to get rid of malware is to use the best antivirus software.
There are many free malware removal apps that will dispatch malicious software on your device, but it’s a good idea to make sure these tools are trustworthy, as hackers can also disguise these apps on the Google Play Store to deploy even more malware.
The best antivirus apps come with a suite of security features that can get rid of virus, malware, ransomware, spyware or any malicious software that burrows into your Android. Some antivirus software, such as Bitdefender, offers security subscriptions specifically for Android, making it a more cost-effective option for those that only need Android protection.
We also recommend free apps from known cybersecurity companies, including Avast One, AVG and Malwarebytes Mobile Security. These will detect and remove malware on your Android. Check out our thoughts on each antivirus below.
