Ghost Push, the malware that had infected over 900,000 Android devices till last year, continues to wreak havoc on smartphones and tablets running Google’s mobile operating system, according a new report by Chinese antivirus firm Cheetah Mobile. The study says that the malware is infecting 10,000 new devices a day even now, and over 50 percent of the affected devices are from India.
It has been more than a year since Cheetah Mobile first discovered the malware Ghost Push. In its latest report, the firm has claimed that smartphones running Lollipop and older Android versions are still vulnerable to the malware, which has evolved since over the past year.
The report says that the malware is not able to infect Android versions starting from Android 6.0 but can potentially infect devices on all versions up to Marshmallow. Ghost Push malware first obtains root access to the affected Android device and then installs more malicious apps.
As per Google’s Android distribution data from September, only 18.7 percent of Android users are running Android 6.0 Marshmallow or above, which effectively means that 81.3 percent of the total Android users are at a potential risk of getting affected by this malware.
The malware not only displays ads and promotes apps and web pages but can also lead users to pornographic websites. It can also show advertisements in the Notification Bar. Ghost Push trojans are promoting as many as 30,000 to 40,000 apps on infected devices, including legitimate apps as well as malware.
As last year’s report had noted, the malware had managed to find its way to inside of many Google Play apps. Now, the firm is saying that the installation of apps from unknown sources is one of the major reasons for the devices to get affected by this malware. Popular apps like MX Player Pro, ES File Manager Pro, Run Keeper, Firefox and Music Player Pro, if downloaded from unknown sources, can be potentially infected with Ghost Push.
It is highly advisable for all Android users to constantly update their devices with the latest software upgrades – if available – in order to ensure that they are protected against these kinds of threats.