Early last year, a Trojan virus by the name of Ghost Push infected 900,000 Android devices. Researchers at Google and elsewhere discovered that the Trojan was able to evade security measures on Google Play and third party sites. After the defenses were bolstered at these app stores, Ghost Push coders developed different offshoots of the Trojan. Now it appears that the virus is affecting Android users in catastrophic numbers once again.
In a report published by Cheetah Mobile Security, researchers have identified the most recent infection pathways affecting Android devices. Pornographic links, malicious ad links (in apps and browsers), and apps themselves appear to be the most prevalent infection vectors. In particular, Cheetah Mobile found that two Android applications, Wireless Optimizer and WiFi Master Pro, not only carried Ghost Push but used the Trojan to gain root access.
It appears that most of the Android devices infected with Ghost Push are in different parts of Asia, as well as South American regions. The countries most affected are Southeast Asian nations like Malaysia and Vietnam. This should not be surprising considering that, as reported by Threatpost, Google identified in a 2015 Android Security Report that “a company in Southeast Asia responsible for providing OTA update infrastructure and updates to Android manufacturers and carriers was compromised.” Even though Google worked with this company to improve their security, the damage was already done. We are seeing the fallout occurring even as we head into 2017.
The best course of action to prevent the infection of Ghost Push on your Android device is avoiding any link that looks suspicious. Keep in mind, however, that these malicious links have fooled many and a lot of that has to do with not analyzing the source link enough. Just because something looks legitimate doesn’t mean that it actually is. This also goes for any apps that you download. Even if it comes from a reputable source like the Google Play store, it is still possible for your newest app to contain infected ads. Do not under any circumstances click the ads in an app, or frankly, anywhere else. It isn’t worth the risk.
Photo credit: Gallowglass