Ghost Push has continued to evolve since we began to track it. As we explained in last year’s Android Security report, in 2015 alone, we found more than 40,000 apps associated with Ghost Push. Our actions have continued at this increasingly large scale: our systems now detect and prevent installation of over 150,000 variants of Ghost Push.
Several Ghost Push variants use publicly known vulnerabilities that are unpatched on older devices to gain privileges that allow them to install applications without user consent. In the last few weeks, we’ve worked closely with Check Point, a cyber security company, to investigate and protect users from one of these variants. Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps. This morning, Check Point detailed those findings on their blog.
As always, we take these investigations very seriously and we wanted to share details about our findings and the actions we’ve taken so far.
An interesting post by Adrian Ludwig, Android’s security chief, on a site called “Google Plus”.