Ghost Push
Ghost Push is a kind of malware that infects the Android OS by automatically gaining root access, downloading malicious software, converting it into a system app, and then dropping root access. This makes the infection virtually impossible to remove by factory reset; the firmware has to be reflashed. The malware hogs system resources, making the device unresponsive, and drains the battery. Advertisements appear at any time, either full screen, in part of the display, or in the status bar. Unwanted apps are activated automatically and sometimes download further malicious software when the device is connected to the internet. The malware is hard to detect and steals user information.[1]
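A defender-side check for the persistence described above, as an added example that is not part of the original article: a factory reset wipes user data but leaves the system partition alone, so the script compares `pm list packages -f -s` output from a suspect device against a listing from a clean device on the same firmware build. The sample listings and the `com.example.unknown` package are constructed, and the clean baseline is an assumption.

```python
# Constructed sample output of `pm list packages -f -s`; not from a real device.
BASELINE = """\
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:/system/priv-app/Settings/Settings.apk=com.android.settings
"""
DEVICE = """\
package:/data/app/~~Zm9v==/com.android.calculator2-YmFy==/base.apk=com.android.calculator2
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/example_unknown.apk=com.example.unknown
"""

# Partitions that a factory reset does not wipe.
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")


def parse_pm_list(text):
    """Parse `package:<apk path>=<package name>` lines into {name: path}."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # The APK path can itself contain '=', so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages


def unexpected_system_apps(baseline_text, device_text):
    """Return (name, path) pairs on a system partition that the baseline lacks."""
    baseline = parse_pm_list(baseline_text)
    device = parse_pm_list(device_text)
    return sorted(
        (name, path)
        for name, path in device.items()
        if name not in baseline and path.startswith(SYSTEM_PREFIXES)
    )


if __name__ == "__main__":
    for name, path in unexpected_system_apps(BASELINE, DEVICE):
        print(f"not in baseline: {name} ({path})")
```

An updated preinstalled app (the calculator line) lives under `/data` but keeps its baseline package name, so it is not reported.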
History
It was discovered on September 18, 2015 by Cheetah Mobile's CM Security Research Lab.[2][3][4][5][6]
Further investigation of Ghost Push revealed more recent variants, which, unlike older ones, employ the following routines that make them harder to remove and detect:[7]
- encrypt its APK and shell code,
- run a malicious DEX file without notification,
- add a “guard code” to monitor its own processes,
- rename .APK (Android application package) files used to install the malicious apps,
- and launch the new activity as the payload.
References
- http://www.theinquirer.net/inquirer/news/2428494/ghost-push-malware-is-putting-the-willies-up-android-users
- "Cheetah Mobile: 'Ghost Push' Android virus infects 600k+ users a day with unwanted apps | VentureBeat | Security | by Ken Yeung". venturebeat.com. Retrieved 2016-01-09.
- "‘Ghost Push’ Malware Infects 600K Android Users Daily". tripwire.com. Retrieved 2016-01-09.
- "How to avoid the new Android "Ghost Push" virus | One Page | Komando.com". komando.com. Retrieved 2016-01-09.
- "'Ghost Push': An Un-Installable Android Virus Infecting 600,000+ Users Per Day - The world’s leading mobile tools provider". cmcm.com. Retrieved 2016-01-09.
- http://blog.trendmicro.com/trendlabs-security-intelligence/new-ghost-push-variants-sport-guard-code-malware-creator-published-over-600-bad-android-apps/