Over Half of Android Devices Still Vulnerable to Ghost Push Trojan Due to Delayed Updates


It's been over two years since we first learned about the Android trojan Ghost Push. But, even after years the malware remains active and millions of devices are still vulnerable to it.

Evolving and attacking Android devices in the wild since 2014, Ghost Push infected over 600,000 Android devices per day, during its peak. Now, researchers have revealed that the Android devices are still vulnerable to this trojan, thanks to lack of Android security updates.

Android smartphones and tablets that are running Android 6.0 Marshmallow or Android 7.0 Nougat are secure from this trojan. However, millions of devices still run Android 5.0 Lollipop or earlier versions of Android. Very few devices have been upgraded to the latest versions of Android due to lack of OEM or carrier support. "Currently, almost all Android versions except Android 6.0 are at risk of being rooted," the report said.

As shared with our readers earlier today, most of Android trojans come from pirate and open-sourced stores, outside of the official Google Play Store. Deceptive advertising, third-party web pages, and pornographic websites remain the top sources of how this trojan is installed on user devices. While Google conducts security checks when an app is submitted to Google Play store, you cannot be sure about the security features, or what an app is actually doing in the background, if you are installing it from what's known as "unknown sources."

Ghost Push and its capabilities

Once installed through any of these channels, thanks to its root privileges, Ghost Push is able to install more malware, unwanted apps and programs for revenue, display adverts, and even spy on users and steal their personal information. "As these root Trojans are very difficult to remove, and they often update the ads or root SDK automatically, there is a stable bunch of 'users'. Through pushing ads and distributing apps to these users, the Trojans can make profits constantly," researchers noted.

If you have received updates for your Android device, install them right away. Updating to Android 6.0 or later is the easiest way to avoid these issues. But, if you cannot, try to download applications only from the Google Play store to avoid these data stealing and spyware apps.