This respository contains apk samples with the goldoson malware reported by McAfee.
The malware tries to connect to one of the following domains which can be verified using a string grep:
Domains |
---|
bhuroid.com |
enestcon.com |
htyyed.com |
discess.net |
gadlito.com |
gerfane.com |
visceun.com |
onanico.net |
methinno.net |
goldoson.net |
dalefs.com |
openwor.com |
thervide.net |
soildonutkiel.com |
treffaas.com |
sorrowdeepkold.com |
hjorsjopa.com |
dggerys.com |
ridinra.com |
necktro.com |
fuerob.com |
phyerh.net |
ojiskorp.net |
rouperdo.net |
tiffyre.net |
superdonaldkood.com |
soridok2kpop.com |