Ghost Push Android Malware Responsible for Infecting 600k New Users Daily

The Ghost Push malware comes with those Android apps that are available at non-Google app stores.

The newly discovered Android malware dubbed as Ghost Push Malware has the capability of compromising a massive number of new devices (more than 600,000) on a daily basis. 

The malware has been detected by a famous Android developer Cheetah Mobile. The same company is responsible for producing some very popular apps such as Clean Master, CM Security, Battery Doctor, CM Launcher and CM Browser.

According to the claims by Cheetah Mobile’s security research team, currently, this malware has managed to infect around 14,847 mobile devices from 3,658 brands. 

The most affected users have been identified to reside in regions like Russia, India, Eastern Europe, the Middle East, Southern China, Mexico, Venezuela, and South-East Asia.

The researchers have detected around 39 apps. These apps are distributed via unofficial channels and the apps were bundled with Ghost Push malware.

Ghost Push an Uninstallable Infection

The Ghost Push Malware’s trail was tracked by the firm’s security researchers after they identified support topics on various random Android forums where users asked for help in deleting some uninstallable apps.

When the team dug deeper and surveyed these apps, it was detected that the malware that was hidden in their codes actually roots the victim’s phone and automatically installs itself in the device’s ROM.

This helps in making the malware boot-resistant, as it manages to start automatically whenever the user tries to restart the phone in order to remove the app/virus. Thus, it can be stated that the countermeasures such as re-starting the device in safe mode or conducting a factory reset won’t help in deleting the malware permanently.

The firm identified an important aspect that its products CM Security and Clean Master can easily detect if your device has the infection or not.

Cheetah Mobile also offers users a remedy to delete this malware in the form of Stubborn Trojan Killer, a special app that is available at Google Play Store. The app contains descriptive step-by-step instructions regarding how to delete the malware manually.

The apps that are bugged with Ghost Push include the following:

Accurate Compass, Amazon, All-star Fruit Slash, Assistive Touch, Boom Pig, Assistive Touch, Fast Booster, Daily Racing, Fruit Slots, Hot Girls, Happy Fishing, Hot Video, Hubii News, Ice Browser, iTouch, iVideo, Indian Sexy Stories 2, Lemon Browser, Light Browser, Memory Booster, MonkeyTest, Multifunction Flashlight, Photo Clean, PinkyGirls, PronClub, SettingService, Sex Cademy, Simple Flashlight, SmartFolder, Super Mario, Talking Tom 3, TimeService, WhatsWifi, WiFiEnhancer, WiFi FTP, Wifi Speeder, WordLock, XVideo, and XVideo Codec Pack.