In September 2015, Cheetah Mobile Security Research Lab warned Android users against a new type of malware affecting devices called ‘Ghost Push’ – a stubborn Trojan which is nearly impossible to remove. Multiple variants of this dangerous virus have been discovered and so far this malicious code has affected more than 900,000 Android users (ranging from 2.3.4 to 5.1) in over 116 countries. Experts from the Cheetah Mobile Security Research Lab found that behind this virus family is an illegal mobile marketing industry chain who make 4.05 million dollars every day.
India is among the major regions that is being affected by this virus with 158,729 devices being infected.While globally Samsung suffered most, in India Micromax had around 55,444 devices being infected. This is followed by 19,984 HTC and 9,905 Samsung devices. Globally, Ghost Push has infected 10,000 phone types and 2,742 brands.
According to Cheetah Mobile, this Trojan mainly resides in popular games, tools and social software, including Talking Tom3, Super Mario, Amazon, and more. Cheetah Mobile experts believe that the attack might originate from China.So far, virus samples have been found in Google Play, Aptoide,mobogonie and other popular app stores.
The virus developers have repackaged popular apps and injected malicious code and ad components into them. The repackaged malicious apps are then released into legitimate app markets and made available to massive numbers of users who are keen to download these disguised popular apps. According to Cheetah Mobile, these developers can make an average of $1.50 every time the virus installs an application on a smartphone.
This virus family has gained automatic root permission thereby making it nearly impossible to remove. Clean Master and CM Security have developed a mechanism to deal with the virus called the Ghost Push Trojan Killer.