SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
19 Oct 2016

Your Android smartphone might still be vulnerable to ancient Ghost Push Trojan

It's been more than two years since the existence of the Ghost Push mobile Trojan was made public – but millions of devices are still vulnerable.

The Trojan, which began evolving in the wild in 2014, infected up to 600,000 Android smartphone and tablet users per day at its peak. The malware runs a malicious DEX file after installation, an Android program executable, to root victim devices and run malicious processes on startup.

Ghost Push is also able to install unwanted apps and programs, display adverts, spy on users, and steal personal information. The Trojan also pushes ads in the Android notification bar to trick users into paying for additional "services," such as porn or other third-party software. The Trojan makes its way onto user devices through third-party app offerings. While Google conducts rigorous security checks when an app is submitted to the official Google Play store, there are Android users who still download applications from other sources.

Ghost Push can be hidden by attackers in any app that does not go through Google Play, and has been detected in both spoofed and legitimate versions of apps including Wi-Fi Enhancer, Amazon, and Memory Booster. Researchers from Cheetah Mobile say that the malware now also spreads through malicious links, malvertising, and pornography websites.

"As these root Trojans are very difficult to remove, and they often update the ads or root SDK automatically, there is a stable bunch of 'users,'" the researchers note. "Through pushing ads and distributing apps to these users, the Trojans can make profits constantly."

Android users who keep their devices up-to-date have no need to worry, however, as Ghost Push does not work on Android Marshmallow 6.0 or Nougat 7.0. Outdated Android devices still running version five, Android Lollipop, or earlier are the problem. Google estimates that over 50 percent of users are running devices on Android Lollipop and earlier, which leaves potentially millions of devices open to exploit.

"Users should avoid clicking unknown third-party links and only download applications from reputable app stores," the researchers note. "If the phones become infected via root Trojans, users can remove the Trojans with Trojan Killer or just flash their phones. Another solution is to update the device to Android 6.0."

Tags:
trojan information leaks Android
Source:
ZDNet
1895
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015