We’ve seen a surge in malware that infects your device then tries to gain root access.

Just a few days ago, we told you about the Kemoge malware that was making its way around the world. Today, a similar malware called Ghost Push was recently discovered.

That malware works in a suspiciously similar way to Kemoge and attempts to grant itself root access after being installed on your device. After the installation is complete and root access is granted, Ghost Push communicates with remote servers to infect your device even further.

The biggest difference between Ghost Push and Kemoge malware, however, is that Ghost Push has been spotted on the Google Play Store in multiple apps.

How Does Ghost Push Work?

Ghost Push was discovered by security researchers at Cheetah Mobile on September 18, 2015. Over the past few weeks, the malware has spread to over 900,000 Android tablets and smartphones around the world.

The malware was able to bypass security measures on the Google Play Store and other app stores. Then, Ghost Push was able to gain full root control of numerous devices.

After gaining root access, Ghost Push was nearly impossible to get rid of: even a factory reset wouldn’t get rid of the malware because the root folders lie even deeper than the factory reset level.

TheHackerNews.com published the following infographic explaining how the infection works:

ghost push

Affected Apps Included Calculators and Smart Touch Apps

The apps that were infected by this recall looked innocent enough. They have names and icons that make themselves look trustworthy and interesting.

Some of the infected apps included Calculator, Smart Touch, Talking Tom 3, Assistive Touch, Easy Locker, Privacy Lock, and others.

The App Reportedly Made Chinese Hackers $4.05 Million Per Day

After gaining root access to the device, Chinese hackers running the operation would push app installations without the consent of the user. These apps weren’t free.

One estimate claimed that this activity generated $4.05 million per day for the criminal ring.

Ghost Push Trojan Killer App Now Available

Cheetah Mobile has released a free tool to check if you’re infected by the Trojan. If you are infected, then the app will remove it.

A recent scan showed that Ghost Push had infected thousands of smartphones all over the world. Most of these phones were in countries like India and China, although the United States was also found to have thousands of infected apps.

You can download that tool for free from here: https://play.google.com/store/apps/details?id=com.cleanmaster.security.stubborntrjkiller

Leave a Reply

You must be logged in to post a comment.