Ghost Push - Wikipedia

Ghost Push

Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious and unwanted software.[1][2] The malware appears to have been discovered in September 2015 by the security research lab at Cheetah Mobile, who subsequently developed diagnostic software to determine whether a device has been compromised.[3] As of September 2015, twenty variants were in circulation.[4] Latter day versions employed routines which made them harder to detect and remove.[1]

The malware hogs all the system resources, making the phone slow, draining the battery and consuming cellular data.[3] Advertisements continually appear either as full or partial screen ads or in the status bar. The applications installed by the malware appear to be difficult to remove, impervious to anti-virus software and even surviving a factory reset of the device.[2]

Infection typically comes via downloading applications from third-party app stores,[4] where at least thirty-nine applications have been identified as carriers.[3] At its peak, the Ghost Push virus infected more than 600,000 devices daily,[3] with 50% of infections occurring from India, as well as from Indonesia and the Philippines, ranking second and third.

The malware was discovered in September 2015 by Cheetah Mobile's security research lab.[2][3][5][6][7]


  • aYang, Yang; Pan, Jordan (30 September 2015). "New "Ghost Push" Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps".bSecurity Intelligence Blog(Blog posting). Trend Micro. Retrieved 18 May 2019.
  • a b "'Ghost Push' Malware Infects 600K Android Users Daily". Retrieved 2016-01-09. c
  • a b c d Yeung, Ken (18 September 2015). "Cheetah Mobile: 'Ghost Push' Android virus infects 600k+ users a day with unwanted apps" (Blog or News (unclear)). VentureBeat. Retrieved 18 May 2019. e
  • aNeal, Dave (1 October 2015). "Ghost Push malware is putting the willies up Android users - TheINQUIRER".bThe Inquirier. London: Incisive Business Media. Archived from the original on October 2, 2015. Retrieved 18 May 2019.{{cite web}}: CS1 maint: unfit URL (link)

Source: Wikimedia Foundation, Inc.