New Android Trojan Can Simulate User Interactions

Exterminator

A new variant of an older trojan is making the rounds, and this threat has the ability to mimic user behavior, a feature that it uses to boost the malware operator's profits.

This new trojan, nicknamed Golem, is a variant of the Ghost Push malware family on which we reported last September. Ghost Push is an Android trojan with rooting capabilities, which is mostly found in apps distributed through third-party app stores, employed mainly to show unwanted ads to users.

Golem differs from Ghost Push in that it adds new functionality that abuses a built-in Android feature called "Input," reports Cheetah Mobile, a leading Android developer responsible for popular apps like Battery Doctor, Clean Master, CM Browser, CM Security, and CM Launcher.

The Input tool is prepacked in Android devices and allows developers to conduct automated testing procedures by mimicking user behavior, even simulating touch interactions and keyboard input.

Golem is abusing Android's Input tool to simulate user behavior

The company found that, after rooting the device, Golem was downloading unsolicited apps onto the device, opening these apps, and abusing the Input tool to simulate user interaction with each app and its ads.

Cheetah Mobile is reporting that over 40,000 Android users have been infected and that the number is growing by the day. Most of the victims are from South East Asia, and the hardest hit countries are India, Indonesia, and the Philippines.

"Since Golem can control devices remotely and automatically launch and run applications without a user’s consent, these malicious behaviors will consume a lot of network data, battery power, and local device resources, slowing down phones as a result," a Cheetah Mobile security expert explains.

Because the trojan gets root privileges, removing it from affected systems might require users to start their Android device in safe mode, something much harder than many people expect. Cheetah Mobile is also offering an app called Stubborn Trojan Killer, via the official Google Play Store, which can remove this trojan and the older Ghost Push.
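
For defenders, the behaviour described above (the Input tool being run on the device itself rather than by a developer over adb) can be triaged from a process listing. The following is an added example, not code from the article or from Cheetah Mobile: the snapshot format, the package name `com.example.flashlight` and the process ancestry are constructed for illustration, and the `app_process` form of the command is an assumption about older Android builds.

```python
import shlex

# Constructed process snapshot (columns: uid pid ppid cmdline); not real tool output.
SAMPLE = """\
root 1 0 /init
shell 410 1 /system/bin/adbd
shell 2201 410 /system/bin/sh
shell 2202 2201 input tap 540 960
u0_a57 3100 1 com.example.flashlight
root 3150 3100 su -c sh
root 3152 3150 input swipe 300 1200 300 400
root 3160 3150 app_process /system/bin com.android.commands.input.Input tap 200 800
"""
INPUT_VERBS = {"tap", "swipe", "text", "keyevent"}
# Assumption: Java class the input command starts via app_process on older builds.
INPUT_CLASS = "com.android.commands.input.Input"

def parse(snapshot):
    procs = {}
    for line in snapshot.splitlines():
        uid, pid, ppid, cmd = line.split(None, 3)
        procs[int(pid)] = {"uid": uid, "ppid": int(ppid), "argv": shlex.split(cmd)}
    return procs

def is_input_injection(argv):
    name = argv[0].rsplit("/", 1)[-1]
    return INPUT_CLASS in argv or (name == "input" and len(argv) > 1 and argv[1] in INPUT_VERBS)

def ancestors(procs, pid):
    seen = {pid}  # guards against pid loops in a malformed snapshot
    pid = procs[pid]["ppid"]
    while pid in procs and pid not in seen:
        seen.add(pid)
        yield procs[pid]
        pid = procs[pid]["ppid"]

def find_suspicious(procs):
    findings = []
    for pid, proc in procs.items():
        if not is_input_injection(proc["argv"]):
            continue
        chain = list(ancestors(procs, pid))
        if any(a["argv"][0].endswith("/adbd") for a in chain):
            continue  # driven over adb: the tool's intended testing use
        origin = next((a["argv"][0] for a in chain if a["uid"].startswith("u0_a")), None)
        findings.append((pid, proc["uid"], origin))
    return findings

if __name__ == "__main__":
    for pid, uid, origin in find_suspicious(parse(SAMPLE)):
        print(f"pid {pid} uid {uid}: input injection outside adb, app ancestor: {origin}")
```

A root-owned input invocation with an app package in its ancestry and no adbd parent is the combination worth escalating, since it implies the device is rooted and an app is driving the screen.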
 
