Ghost Push Explained
Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious and unwanted software.[1] [2] The malware appears to have been discovered in September 2015 by the security research lab at Cheetah Mobile, who subsequently developed diagnostic software to determine whether a device has been compromised. As of September 2015, twenty variants were in circulation. Latter day versions employed routines which made them harder to detect and remove.
The malware hogs all the system resources, making the phone slow, draining the battery and consuming cellular data. Advertisements continually appear either as full or partial screen ads or in the status bar. The applications installed by the malware appear to be difficult to remove, impervious to anti-virus software and even surviving a factory reset of the device.
Infection typically comes via downloading applications from third-party app stores,[3] where at least thirty-nine applications have been identified as carriers. At its peak, the Ghost Push virus infected more than 600,000 devices daily, with 50% of infections occurring from India, as well as from Indonesia and the Philippines, ranking second and third.
The malware was discovered in September 2015 by Cheetah Mobile's security research lab.[4] [5] [6] [7]
Notes and References
- Web site: New "Ghost Push" Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps. Yang. Yang. Pan. Jordan. 30 September 2015. Security Intelligence Blog. Trend Micro. Blog posting. 18 May 2019.
- Web site: 'Ghost Push' Malware Infects 600K Android Users Daily. 22 September 2015 . tripwire.com. 2016-01-09.
- Web site: Ghost Push malware is putting the willies up Android users - TheINQUIRER. https://web.archive.org/web/20151002163011/http://www.theinquirer.net/inquirer/news/2428494/ghost-push-malware-is-putting-the-willies-up-android-users. unfit. October 2, 2015. Neal. Dave. 1 October 2015. The Inquirer. Incisive Business Media. London. 18 May 2019.
- Web site: Cheetah Mobile: 'Ghost Push' Android virus infects 600k+ users a day with unwanted apps. Yeung. Ken. 18 September 2015. VentureBeat. Blog or News (unclear). 18 May 2019.
- Web site: How to avoid the new Android "Ghost Push" virus | One Page | Komando.com. komando.com. 2016-01-09. https://web.archive.org/web/20150923185741/http://www.komando.com/happening-now/326607/how-to-avoid-the-new-android-ghost-push-virus/all . 2015-09-23 . dead.
- Web site: Ghost Push malware can root devices and install unwanted apps - here is the fix. 13 October 2015 . androidauthority.com. 2016-01-09.
- Web site: 'Ghost Push': An Un-Installable Android Virus Infecting 600,000+ Users Per Day - The world's leading mobile tools provider. cmcm.com. 2016-01-09. 2016-01-19. https://web.archive.org/web/20160119070740/http://www.cmcm.com/blog/en/security/2015-09-18/799.html. dead.