Android users should probably be extra careful about what applications they download these days, especially when using non-Google Play stores. According to Cheetah Mobile’s security research lab, there’s a new virus that is spreading pretty quickly — by the firm’s estimates, it’s infecting more than 600,000 users each day.
Called “Ghost Push,” it’s believed to be delivered via malware and is spread through commercial SDKs or browser ads. Cheetah Mobile said that it has “affected 14,847 phone types and 3,658 brands.” Once on a device, the virus will install unwanted and annoying apps on your phone and is said to be pretty difficult to remove, even if you’re using antivirus software or doing a factory reset. Ghost Push will gain root access and cause issues with your device, such as slowing it down, draining its battery, and even consuming lots of cellular data.
Cheetah Mobile’s team says it has found 39 apps that have been infected with the Ghost Push virus. It’s possible that these are spoofed applications with the malicious intent of infecting your device. The company says that the app label is designed to trick you, but to know whether it’s real, you can look at the package name. If it’s something like “com.abc.yinhe”, then don’t install it. Best bet: Make sure you’re going through the official developer website to download the app.
Some of these apps you may want to take a second glance at include WiFi Enhancer, TimeService, Assistive Touch, All-star Fruit Slash, MonkeyTest, Super Mario, Simple Flashlight, and Amazon. Cheetah Mobile says these apps are found in app stores and forums other than Google Play — places where the origins of these apps can’t be verified.
As perhaps one of the first to detect Ghost Push, Cheetah Mobile has issued a way for you to detect it using its own software. You can download Clean Master and CM Security to find out if your device has been compromised. Of course, you can also do it the old-fashioned, manual way, which the company detailed here.
We’ve reached out to Google for comment and will update this if we hear back.