Android Malware Tough to Remove

Wednesday, September 23, 2015 @ 01:09 PM gHale

New Android malware is infecting over 600,000 users each day after its developers packaged it with Android apps distributed through non-Google app stores.

This new malware, called Ghost Push, infected 14,847 phone types and models, from 3,658 brands, with most of the affected users in Eastern Europe, Russia, India, Mexico, Venezuela, the Middle East, South-East Asia, and Southern China.

Ghost Push was discovered by Cheetah Mobile, an Android developer responsible for apps like Battery Doctor, Clean Master, CM Browser, CM Security, and CM Launcher.

The company’s security researchers said they stumbled upon Ghost Push after they ran into support topics on Android forums asking for help in removing uninstallable apps.

As a result, the researchers found malware hiding in the apps' code that managed to root the victim’s phone and install itself in the ROM.

By doing this, the malware became boot-persistent, automatically starting every time the phone restarted. Countermeasures, like starting the device in safe mode or performing a factory reset, would not be enough to remove the malware.

Cheetah Mobile said it detected 39 apps distributed through unofficial channels bundled with Ghost Push.

To help users eliminate Ghost Push malware, Cheetah Mobile has provided a special app called Stubborn Trojan Killer on the Google Play Store, but it has also furnished step-by-step instructions on how to remove the malware yourself.