Ghost Push Remains a Very Popular Mobile Trojan on Android

A new version of the infamous Ghost Push malware is making the rounds in the mobile space right now. Even though this toolkit has been wreaking havoc upon Android devices for nearly two years now, the threat is far from eliminated. The bigger question is why and how these mobile Trojans continue to claim victims, even though security experts are all too familiar with this malicious software.

Ghost Push Continues To Cause Trouble On Android

Cheetah Mobile released their new report about the improved version of the popular Android Trojan Ghost Push. As one might expect, the majority of infected devices are a direct result of sideloading unofficial malicious APK files. Any app that does not come from the Google Play Store directly, always carries a certain risk.

To put things into perspective, nearly one million apps are downloaded onto Android devices every single day. About one percent of those downloads contain some sort of malware, mostly Trojans. That puts 10,000 software installs per day at risk of being loaded with malware, which is a very worrisome number to say the least.

Ghost Push is one of the preferred payloads among hackers and other online criminals. This trend started since the inception of this malware, which was first discovered at the end of 2014. Just last year the malware succeeded in infecting over 900,000 Android devices around the world, which was also its “strongest year” to date.

Criminals successfully spread this software by bundling it with legitimate applications. Some of their favorites are Wordlock and Super Mario, both of which see hundreds of downloads every single day. More worryingly, the malware easily bypasses Google’s security measures. In addition, there is a second method of attack as well, which spreads this malware through bogus mobile websites.




While there is argument to be made for downloading unofficial APK files from third-party websites, one can never be 100% certain that the offering is entirely legitimate. In some cases even site owners hosting these APK’s may not know the file is infected. Interestingly enough, researchers believe that most of the infected files are offered by adult websites and deceptive advertising links.

To make matters even worse, Ghost Push can infect any device that is not running Android 6.0 Marshmallow. It is unknown if Android 7.0 is safe from harm, but it seems safe to assume that this is the case. Once the malware infects a device, it will gain root access. For now it is unclear as to what criminals would do once they have infected millions of devices. Anything is possible, from massive ddos attacks to thousands of stolen credentials being sold on the darknet. It is always a good idea to run unofficial apk files through an antivirus check before resorting to installing them on your device.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Leave a Reply