Ghost Push

Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious and unwanted software.^[1]^[2] The malware appears to have been discovered in September 2015 by the security research lab at Cheetah Mobile, who subsequently developed diagnostic software to determine whether a device has been compromised.^[3] As of September 2015, twenty variants were in circulation.^[4] Latter day versions employed routines which made them harder to detect and remove.^[1]

The malware hogs all the system resources, making the phone slow, draining the battery and consuming cellular data.^[3] Advertisements continually appear either as full or partial screen ads or in the status bar. The applications installed by the malware appear to be difficult to remove, impervious to anti-virus software and even surviving a factory reset of the device.^[2]

Infection typically comes via downloading applications from third-party app stores,^[4] where at least thirty-nine applications have been identified as carriers.^[3] At its peak, the Ghost Push virus infected more than 600,000 devices daily,^[3] with 50% of infections occurring from India, as well as from Indonesia and the Philippines, ranking second and third.

The malware was discovered in September 2015 by Cheetah Mobile's security research lab.^[2]^[3]^[5]^[6]^[7]

References[edit]

^ ^a ^b Yang, Yang; Pan, Jordan (30 September 2015). "New "Ghost Push" Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps". Security Intelligence Blog (Blog posting). Trend Micro. Retrieved 18 May 2019.
^ ^a ^b ^c "'Ghost Push' Malware Infects 600K Android Users Daily". tripwire.com. 22 September 2015. Retrieved 2016-01-09.
^ ^a ^b ^c ^d ^e Yeung, Ken (18 September 2015). "Cheetah Mobile: 'Ghost Push' Android virus infects 600k+ users a day with unwanted apps" (Blog or News (unclear)). VentureBeat. Retrieved 18 May 2019.
^ ^a ^b Neal, Dave (1 October 2015). "Ghost Push malware is putting the willies up Android users - TheINQUIRER". The Inquirer. London: Incisive Business Media. Archived from the original on October 2, 2015. Retrieved 18 May 2019.{{cite web}}: CS1 maint: unfit URL (link)
^ "How to avoid the new Android "Ghost Push" virus | One Page | Komando.com". komando.com. Archived from the original on 2015-09-23. Retrieved 2016-01-09.
^ "Ghost Push malware can root devices and install unwanted apps - here is the fix". androidauthority.com. 13 October 2015. Retrieved 2016-01-09.
^ "'Ghost Push': An Un-Installable Android Virus Infecting 600,000+ Users Per Day - The world's leading mobile tools provider". cmcm.com. Retrieved 2016-01-09.

[:0-1] Yang, Yang; Pan, Jordan (30 September 2015). "New "Ghost Push" Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps". Security Intelligence Blog (Blog posting). Trend Micro. Retrieved 18 May 2019.

[tripwire-2] "'Ghost Push' Malware Infects 600K Android Users Daily". tripwire.com. 22 September 2015. Retrieved 2016-01-09.

[venturebeat-3] Yeung, Ken (18 September 2015). "Cheetah Mobile: 'Ghost Push' Android virus infects 600k+ users a day with unwanted apps" (Blog or News (unclear)). VentureBeat. Retrieved 18 May 2019.

[:1-4] Neal, Dave (1 October 2015). "Ghost Push malware is putting the willies up Android users - TheINQUIRER". The Inquirer. London: Incisive Business Media. Archived from the original on October 2, 2015. Retrieved 18 May 2019.{{cite web}}: CS1 maint: unfit URL (link)

[komando-5] "How to avoid the new Android "Ghost Push" virus | One Page | Komando.com". komando.com. Archived from the original on 2015-09-23. Retrieved 2016-01-09.

[androidauthority-6] "Ghost Push malware can root devices and install unwanted apps - here is the fix". androidauthority.com. 13 October 2015. Retrieved 2016-01-09.

[cmcm-7] "'Ghost Push': An Un-Installable Android Virus Infecting 600,000+ Users Per Day - The world's leading mobile tools provider". cmcm.com. Retrieved 2016-01-09.

[1]

[2]

[3]

[4]

[5]

[6]

[7]