Ghost Push

Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious and unwanted software. The malware appears to have been discovered in September 2015 by the security research lab at Cheetah Mobile, who subsequently developed diagnostic software to determine whether a device has been compromised. As of September 2015, twenty variants were in circulation. Latter day versions employed routines which made them harder to detect and remove.

The malware hogs all the system resources, making the phone slow, draining the battery and consuming cellular data. Advertisements continually appear either as full or partial screen ads or in the status bar. The applications installed by the malware appear to be difficult to remove, impervious to anti-virus software and even surviving a factory reset of the device.

Infection typically comes via downloading applications from third-party app stores, where at least thirty-nine applications have been identified as carriers. At its peak, the Ghost Push virus infected more than 600,000 devices daily, with 50% of infections occurring from India, as well as from Indonesia and the Philippines, ranking second and third.

The malware was discovered in September 2015 by Cheetah Mobile's security research lab.