Ghost Push Trojan still a major threat two years later

Early last year, a Trojan virus by the name of Ghost Push infected 900,000 Android devices. Researchers at Google and elsewhere discovered that the Trojan was able to evade security measures on Google Play and third-party sites. After the defenses were bolstered at these app stores, Ghost Push coders developed different offshoots of the Trojan. Now it appears that the virus is affecting Android users in catastrophic numbers once again.

In a report published by Cheetah Mobile Security, researchers have identified the most recent infection pathways affecting Android devices. Pornographic links, malicious ad links (in apps and browsers), and apps themselves appear to be the most prevalent infection vectors. In particular, Cheetah Mobile found that two Android applications, Wireless Optimizer and WiFi Master Pro, not only carried Ghost Push but used the Trojan to gain root access.

It appears that most of the Android devices infected with Ghost Push are in different parts of Asia, as well as South American regions. The countries most affected are Southeast Asian nations like Malaysia and Vietnam. This should not be surprising considering that, as reported by Threatpost, Google noted in a 2015 Android Security Report that "a company in Southeast Asia responsible for providing OTA update infrastructure and updates to Android manufacturers and carriers was compromised." Even though Google worked with this company to improve its security, the damage was already done. We are seeing the fallout occurring even as we head into 2017.

The best way to keep Ghost Push off your Android device is to avoid any link that looks suspicious. Keep in mind, however, that these malicious links have fooled many people, and a lot of that has to do with not examining the source of the link closely enough. Just because something looks legitimate doesn't mean that it actually is. This also goes for any apps that you download. Even if an app comes from a reputable source like the Google Play store, it is still possible for it to contain infected ads. Do not under any circumstances click the ads in an app, or frankly, anywhere else. It isn't worth the risk.

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.