While most Android device owners are gearing up for the release of Android 7.0 Nougat and, subsequently, Android 7.1, more than half of Android devices still run the risk of being infected by an old malware dubbed Ghost Push.
The trojan first reared its ugly head two years ago, just as mobile users were anticipating Android Lollipop as the firmware of the day.
Some Android lovers have since upgraded to Android 6.0 Marshmallow and, more recently, Android 7.0 Nougat, which are both immune to Ghost Push. But 57 percent of Android devices still operate on older versions of the OS, from version 5 and below.
The damage dealt by the Ghost Push malware was publicized only in September 2015 by mobile app and security company Cheetah Mobile after days of analyzing the source of the trojan and its impact on mobile app downloads.
To this day, gadget owners who operate smartphones and tablets on Android 5.0 Lollipop and earlier are susceptible to attack.
"As the trojan has updated the root samples several times, currently, it is able to root almost all Android versions except for Android 6.0," the Cheetah Mobile team notes.
Ghost Push Trojan Source
The Ghost Push malware piggybacks on some popular apps, ad links and short links that are haphazardly downloaded and clicked by Android users. While it's common sense to avoid visiting and downloading apps from suspicious sites, the fact that the malware has infiltrated even Google Play Store makes matters worse.
Even seemingly trustworthy apps such as "Privacy Lock" and "Easy Locker," and some harmless ones such as "Talking Tom 3" and "Calculator," fell victim to the trojan when bogus versions of these apps duped unwitting users.
With the apps downloaded from Google Play Store, automatic, banner and popup ads would direct users to a page that prompts them to download an app. Sometimes, the moment a user launches Google Play Store, the malware automatically installs unwanted apps, Cheetah Mobile explains.
Other sources of the Ghost Push malware include trojans pre-installed in Android phones, as well as SMS worms and malicious apps and software downloaded from pornographic and other suspicious sites.
What The Ghost Push Trojan Does
Simply put, the Ghost Push trojan hijacks Android smartphones and tablets. To take full control of an Android device, it places its encrypted core code in the system directory "to disguise the malware as the built-in apps of the phone."
Because Ghost Push tinkers with some parameters that are supposed to block third parties from obtaining root access, it becomes difficult to scan and remove the trojan.
As part of the malicious attacks, the Ghost Push malware would:
• Cause ad popups and trick users into downloading other malicious apps
• Display deceptive or pornographic pages to users, trick users into paying money or downloading new malicious samples
• Display ads or promote webpages
• Lead users to pornographic pages or promote apps
• Push ads in the status bar
How To Fix The Ghost Push Malware
The best option for users to keep their Android devices malware-free at this point is to upgrade to Android 6.0 Marshmallow or Android 7.0 Nougat to stay ahead of the malicious attacks. Device owners can also deploy a reliable trojan killer that could uproot the malware from the system.