A new variant of an Android Trojan has been reported to be doing the rounds. Ghost Push is a malware family that has affected more than 900,000 Android devices so far. Ghost Push has great capabilities and can even root the device. It is mostly spread through apps that display ads, which are downloaded from sites other than Play Store. Apps that show a lot of ads are supposedly infected by Ghost Push. The new variant of Ghost Push, dubbed Golem, has more capabilities and can mimic user behavior.
So, how can a malware mimic user behavior? There is a particular feature called Input that is pre-packed within the Android OS. It is included for the developers to perform tests on the device for optimization. It can mimic user behavior, keyboard inputs and even touch interactions. The new Android Trojan exploits this feature present in the OS. It is found that Golem roots the device, downloads apps and uses the Input tool to simulate the interaction between the ads and the app.
India is a country that is very high on the list of smartphone users. And there is no surprise in the fact that the most number of Golem infected users are in India. The total number of infected devices are over 40,000 right now and is increasing every day. Since the Android Trojan runs apps and interacts with ads, it consumes a lot of battery, phone resources, and network data. This can slow down the phone considerably. Removing the malware is not as easy as one expects. The device must be rebooted in safe mode to do it. Also, Cheetah Mobile has an app that can remove Golem as well as Ghost Push. Get your phone checked as soon as you can avoid sluggish performance.