Ghost Push Trojan still a major threat two years later

Early last year, a Trojan by the name of Ghost Push infected 900,000 Android devices. Researchers at Google and elsewhere discovered that the Trojan was able to evade security measures on Google Play and third-party sites. After the defenses were bolstered at these app stores, Ghost Push coders developed different offshoots of the Trojan. Now it appears that the Trojan is affecting Android users in catastrophic numbers once again.

In a report published by Cheetah Mobile Security, researchers have identified the most recent infection pathways affecting Android devices. Pornographic links, malicious ad links (in apps and browsers), and apps themselves appear to be the most prevalent infection vectors. In particular, Cheetah Mobile found that two Android applications, Wireless Optimizer and WiFi Master Pro, not only carried Ghost Push but used the Trojan to gain root access.

It appears that most of the Android devices infected with Ghost Push are in different parts of Asia, as well as South American regions. The countries most affected are Southeast Asian nations like Malaysia and Vietnam. This should not be surprising considering that, as reported by Threatpost, Google identified in a 2015 Android Security Report that "a company in Southeast Asia responsible for providing OTA update infrastructure and updates to Android manufacturers and carriers was compromised." Even though Google worked with this company to improve their security, the damage was already done. We are seeing the fallout occurring even as we head into 2017.

The best course of action to prevent the infection of Ghost Push on your Android device is avoiding any link that looks suspicious. Keep in mind, however, that these malicious links have fooled many, and a lot of that has to do with not examining the source link closely enough. Just because something looks legitimate doesn't mean that it actually is. This also goes for any apps that you download. Even if an app comes from a reputable source like the Google Play store, it is still possible for it to contain infected ads. Do not under any circumstances click the ads in an app, or frankly, anywhere else. It isn't worth the risk.

Photo credit: Gallowglass

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
