Ghost Push Android Malware Infects 600,000 New Users per Day

[Karamjit]

Android devices affected by near uninstallable virus

A new type of Android malware has been observed in the wild, packaged with Android apps being distributed through non-Google app stores, infecting more than 600,000 new users each day.

This new malware has been named Ghost Push and was discovered by Cheetah Mobile, a leading Android developer responsible for popular apps like Battery Doctor, Cleam Master, CM Browser, CM Security, and CM Launcher.

According to Cheetah Mobile's estimations, the malware has currently infected 14,847 phone types and models, from 3,658 brands, with most of the infected users residing in Eastern Europe, Russia, India, Mexico, Venezuela, the Middle East, South-East Asia, and Southern China.

The company's security researchers claim to have gotten on the Ghost Push's trail after they frequently ran into support topics on Android forums asking for help in removing a few uninstallable apps.

Taking a closer look at the apps in question, the researchers found a malware hiding in its code which managed to root the victim's phone and install itself in the ROM.

Ghost Push, a near uninstallable malware

By doing this, the malware become boot-persistent, automatically starting every time the phone was restarted. This meant that countermeasures like starting the device in safe mode or performing a factory reset would not be enough to remove the malware permanently from infected Android phones.

As of the time of this article, Cheetah Mobile claimed that it detected 39 apps, distributed through unofficial channels, which were bundled with Ghost Push.

The apps are Accurate Compass, All-star Fruit Slash, Amazon, Assistive Touch, Assistive Touch, Boom Pig, Daily Racing, Fast Booster, Fruit Slots, Happy Fishing, Hot Girls, Hot Video, Hubii News, Ice Browser, iTouch, iVideo, Indian Sexy Stories 2, Lemon Browser, Light Browser, Memory Booster, MonkeyTest, Multifunction Flashlight, Photo Clean, PinkyGirls, PronClub, SettingService, Sex Cademy, Simple Flashlight, SmartFolder, Super Mario, Talking Tom 3, TimeService, WhatsWifi, WiFi Enhancer, WiFi FTP, Wifi Speeder, WordLock, XVideo, and XVideo Codec Pack.

The company says that its products, Clean Master and CM Security, can detect the infection.

To help users get rid of the Ghost Push malware, Cheetah Mobile has provided a special app called Stubborn Trojan Killer on the Google Play Store, but has also furnished step-by-step instructions on how to remove the malware yourself.

From

[dMog]

well gee hey more stuff not from the google store ...idiots :lol:

[steven36]

How malware finally infected Apple iOS apps: XCodeGhost

http://www.zdnet.com/article/how-malware-finally-infected-apple-ios-apps-xcodeghost/

[DKT27]

well gee hey more stuff not from the google store ...idiots :lol:

Not many can buy paid apps. Not many can pay for apps, while they are relatively cheaper, they make it a lot if one wants or needs lots of them. Some do not have access to cards to buy things online.

This leads to people getting apps from outside of the Google Playstore. Many sites are trusted ones, many had to close and it also depends on the posters of the apps on the site. But yeah, it is always best to get the apps from the Google Playstore though.

[smallhagrid]

If one has several devices, and not all regged for GP - this APK:

https://play.google.com/store/apps/details?id=com.cleanmaster.security.stubborntrjkiller

Can be grabbed here:

http://apkappdownloads.com/go.php?id=com.cleanmaster.security.stubborntrjkiller

Yes, I know this is a non-GP site - and I admit that I actively avoid getting anything via the big G whenever possible.

So - I grabbed it & have not tried it yet...anyone here used this app yet with good results ??

Thanks.