Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":1805936,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"C"}']

Cheetah Mobile: ‘Ghost Push’ Android virus infects 600k+ users a day with unwanted apps

The Samsung Galaxy Nexus.

Image Credit: TAKA@P.P.R.S./Flickr

Android users should probably be extra careful about what applications they download these days, especially when using non-Google Play stores. According to Cheetah Mobile’s security research lab, there’s a new virus that is spreading pretty quickly — by the firm’s estimates, it’s infecting more than 600,000 users each day.

Called “Ghost Push,” it’s believed to be delivered via malware and is spread through commercial SDK or browser ads. Cheetah Mobile said that it has “affected 14,847 phone types and 3,658 brands.” Once on a device, the virus will install unwanted and annoying apps on your phone and is said to be pretty difficult to remove, even if you’re using an antivirus software or doing a factory reset. Ghost Push will gain root access and cause issues with your device, such as slowing it down, draining its battery, and even consuming lots of cellular data.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1805936,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"C"}']

Cheetah Mobile’s team says it has found 39 apps that have been infected with the Ghost Push virus. It’s possible that these are spoofed applications with the malicious intent of infecting your device. The company says that the app label is designed to trick you, but to know whether it’s real, you can look at the package name. If it’s something like “com.abc.yinhe”, then don’t install it. Best bet: Make sure you’re going through the official developer website to download the app.

Some of these apps you may want to take a second glance at include WiFi Enhancer, TimeService, Assistive Touch, All-star Fruit Slash, MonkeyTest, Super Mario, Simple Flashlight, and Amazon. Cheetah Mobile says these apps are found in app stores and forums other than Google Play — places where the origins of these apps can’t be verified.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

As it’s perhaps one of the first to detect Ghost Push, Cheetah Mobile has issued a way for you to detect it using its own software. You can download Clean Master and CM Security to find out if your device has been compromised. Of course you can do it the old-fashioned and manual way, which the company detailed here.

We’ve reached out to Google for comment and will update this if we hear back.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More