Ghost Push has continued to evolve since we began to track it. As we explained in last year’s Android Security report, in 2015 alone, we found more than 40,000 apps associated with Ghost Push. Our actions have continued at this increasingly large scale: our systems now detect and prevent installation of over 150,000 variants of Ghost Push.
Several Ghost Push variants use publicly known vulnerabilities that are unpatched on older devices to gain privileges that allow them to install applications without user consent. In the last few weeks, we’ve worked closely with Check Point, a cyber security company, to investigate and protect users from one of these variants. Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps. This morning, Check Point detailed those findings on their blog.
As always, we take these investigations very seriously and we wanted to share details about our findings and the actions we’ve taken so far.
An interesting post by Adrian Ludwig, Android’s security chief, on a site called “Google Plus”.
…was lost as soon as they relied on device-manufacturers for os-updates
btw: I am typing this on a tablet that saw its last update when Heartbleed was a thing…
Bingo. Funny how they won’t admit where the real problem is.
smashIt,
Yep, updates will remain a problem because manufacturers don’t want to deliver updates themselves and they don’t want to provide the FOSS community with what we need to build our own independent updates. We can’t reuse the proprietary drivers because there’s no ABI to make those bits portable to new kernels. We’re stuck.