Ancient Ghost Push malware 'threatens 57% of Android devices'

Hackers target users on Android Lollipop and older versions

More than half of all Android devices could still be vulnerable to ancient malware discovered two years ago, new research finds.

The resilient Ghost Push malware, which has evolved since its release in 2014, affects devices running up to version five of Android, codenamed Lollipop. This accounts for around 57% of all users, according to researchers at Chinese firm Cheetah Mobile.

Ghost Push will not operate on the latest versions of Android, including Marshmallow and the upcoming Nougat, although these account for just 10% of users (Android's own dashboard puts the Marshmallow figure at 18.7% during a September snapshot).

NetMarketShare figures show that currently, Android accounts for 51.14% of the operating systems on all mobile devices, with Android 6.0 accounting for 14.66% of the market.

Cheetah Mobile found that the majority of infections are coming from open source apps from unknown sources, rather than those found within the Google Play store. Android blocks app downloads from unknown sources by default, as they don't go through the same security vetting process as Play store apps, and users have to enable these downloads manually.

But Cheetah warned that three different instances of malware are being installed more than 10,000 times each day through the unknown sources feature.

Two specific Trojans, which made up the largest proportion of infections, were found to be part of the Ghost Push family.

Once installed on a device, the malware will promote malicious and pornographic pages that hold yet more malware, trick users into purchasing apps, and display ad-laden notifications to the user.

"So far, this Trojan family represents most infections," the research said. "As these root Trojans are very difficult to remove, and they often update the ads or root sdk automatically, there is a stable bunch of 'users'."

"The main sources of Trojans are pornographic websites, short links and ad links," Cheetah's report added.

A number of legitimate apps found in third-party forums were also found to contain malicious links, including MX Player Pro, Run Keeper, and Music Player Pro.

Of course, the best course of action for any user is to update to the latest version of Android. Users who are unable to update, or simply don't want to, are advised to avoid clicking on third-party links from unknown sources and stick to verified Google apps.

If your device is already infected, Cheetah Mobile recommends using Trojan Killer to remove the malware, or restoring your phone to factory settings.
