This respository contains apk samples with the goldoson malware reported by McAfee.
The malware tries to connect to one of the following domains which can be verified using a string grep:
| Domains |
|---|
| bhuroid.com |
| enestcon.com |
| htyyed.com |
| discess.net |
| gadlito.com |
| gerfane.com |
| visceun.com |
| onanico.net |
| methinno.net |
| goldoson.net |
| dalefs.com |
| openwor.com |
| thervide.net |
| soildonutkiel.com |
| treffaas.com |
| sorrowdeepkold.com |
| hjorsjopa.com |
| dggerys.com |
| ridinra.com |
| necktro.com |
| fuerob.com |
| phyerh.net |
| ojiskorp.net |
| rouperdo.net |
| tiffyre.net |
| superdonaldkood.com |
| soridok2kpop.com |