Ghost Push is a family of malware that infects the Android OS by automatically gaining root access and then downloads malicious and unwanted software.[1][2] The malware appears to have been discovered in September 2015 by the security research lab at Cheetah Mobile, which subsequently developed diagnostic software to determine whether a device has been compromised.[3] As of September 2015, twenty variants were in circulation.[4] Later versions employed routines that made them harder to detect and remove.[1]
The malware hogs all the system resources, making the phone slow, draining the battery and consuming cellular data.[3] Advertisements continually appear, either as full or partial screen ads or in the status bar. The applications installed by the malware appear to be difficult to remove: they are impervious to anti-virus software and even survive a factory reset of the device.[2]
Infection typically comes from downloading applications from third-party app stores,[4] where at least thirty-nine applications have been identified as carriers.[3] At its peak, the Ghost Push virus infected more than 600,000 devices daily,[3] with 50% of infections occurring in India, followed by Indonesia and the Philippines in second and third place.
The malware was discovered in September 2015 by Cheetah Mobile's security research lab.[2][3][5][6][7]