Android devices affected by nearly uninstallable virus

Sep 19, 2015 08:23 GMT

A new type of Android malware has been observed in the wild, packaged with Android apps being distributed through non-Google app stores, infecting more than 600,000 new users each day.

This new malware has been named Ghost Push and has been discovered by Cheetah Mobile, a leading Android developer responsible for popular apps like Battery Doctor, Clean Master, CM Browser, CM Security, and CM Launcher.

According to Cheetah Mobile's estimates, the malware has currently infected 14,847 phone types and models, from 3,658 brands, with most of the affected users residing in Eastern Europe, Russia, India, Mexico, Venezuela, the Middle East, South-East Asia, and Southern China.

The company's security researchers claim to have gotten on Ghost Push's trail after they frequently ran into support topics on Android forums asking for help in removing a few uninstallable apps.

Taking a closer look at the apps in question, the researchers found malware hiding in their code that managed to root the victim's phone and install itself in the ROM.

Ghost Push, a nearly uninstallable malware

By doing this, the malware became boot-persistent, automatically starting every time the phone was restarted. This meant that countermeasures like starting the device in safe mode or performing a factory reset would not be enough to remove the malware permanently from infected Android phones.

As of the time of this article, Cheetah Mobile claims that it has detected 39 apps, distributed through unofficial channels, which were bundled with Ghost Push.

The apps are Accurate Compass, All-star Fruit Slash, Amazon, Assistive Touch, Assistive Touch, Boom Pig, Daily Racing, Fast Booster, Fruit Slots, Happy Fishing, Hot Girls, Hot Video, Hubii News, Ice Browser, iTouch, iVideo, Indian Sexy Stories 2, Lemon Browser, Light Browser, Memory Booster, MonkeyTest, Multifunction Flashlight, Photo Clean, PinkyGirls, PronClub, SettingService, Sex Cademy, Simple Flashlight, SmartFolder, Super Mario, Talking Tom 3, TimeService, WhatsWifi, WiFi Enhancer, WiFi FTP, Wifi Speeder, WordLock, XVideo, and XVideo Codec Pack.

The company says that its products, Clean Master and CM Security, can detect the infection.

To help users get rid of the Ghost Push malware, Cheetah Mobile has provided a special app called Stubborn Trojan Killer on the Google Play Store, but it has also furnished step-by-step instructions on how to remove the malware yourself.

Ghost Push infection map