Ghost Push

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious and unwanted software.[1][2] The malware appears to have been discovered in September 2015 by the security research lab at Cheetah Mobile, who subsequently developed diagnostic software to determine whether a device has been compromised.[3] As of September 2015, twenty variants were in circulation.[4] Latter day versions employed routines which made them harder to detect and remove.[1]

The malware hogs all the system resources, making the phone slow, draining the battery and consuming cellular data.[3] Advertisements continually appear either as full or partial screen ads or in the status bar. The applications installed by the malware appear to be difficult to remove, impervious to anti-virus software and even surviving a factory reset of the device.[2]

Infection typically comes via downloading applications from third-party app stores,[4] where at least thirty-nine applications have been identified as carriers.[3] At its peak, the Ghost Push virus infected more than 600,000 devices daily,[3] with 50% of infections occurring from India, as well as from Indonesia and the Philippines, ranking second and third.

The malware was discovered in September 2015 by Cheetah Mobile's security research lab.[2][3][5][6][7]


  1. ^ a b Yang, Yang; Pan, Jordan (30 September 2015). "New "Ghost Push" Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps". Security Intelligence Blog (Blog posting). Trend Micro. Retrieved 18 May 2019.
  2. ^ a b c "'Ghost Push' Malware Infects 600K Android Users Daily". Retrieved 2016-01-09.
  3. ^ a b c d e Yeung, Ken (18 September 2015). "Cheetah Mobile: 'Ghost Push' Android virus infects 600k+ users a day with unwanted apps" (Blog or News (unclear)). VentureBeat. Retrieved 18 May 2019.
  4. ^ a b Neal, Dave (1 October 2015). "Ghost Push malware is putting the willies up Android users - TheINQUIRER". The Inquirier. London: Incisive Business Media. Archived from the original on October 2, 2015. Retrieved 18 May 2019.{{cite web}}: CS1 maint: unfit URL (link)
  5. ^ "How to avoid the new Android "Ghost Push" virus | One Page |". Retrieved 2016-01-09.
  6. ^ "Ghost Push malware can root devices and install unwanted apps - here is the fix". Retrieved 2016-01-09.
  7. ^ "'Ghost Push': An Un-Installable Android Virus Infecting 600,000+ Users Per Day - The world's leading mobile tools provider". Retrieved 2016-01-09.