Number: IRCNE2015102651
Date: 2015/10/08
According to ZDNet, the Ghost Push malware continues to circulate in the wild and has been detected infecting Android apps to compromise users' mobile devices.
Researchers at Trend Micro say the new variations are more difficult to detect and are pushing the malware epidemic to another level, with earlier research suggesting Ghost Push is infecting 600,000 users per day.
The malware enters mobile devices through users downloading malicious apps offered by third-party hosts rather than the official Google Play Store.
In total, 39 original apps -- including spoofed versions -- facilitated the spread, among them WiFi Enhancer, Amazon, Super Mario, Memory Booster and WordLock.
While Ghost Push has been active since April this year, activity spiked in September.
Further investigation has revealed that Ghost Push is now being modified and that over 20 variants of the malicious code are in the wild.
The malware runs a malicious DEX file after installation, which does not show up through any icon or notification. Once the DEX file has loaded, other activities take place such as downloading malicious processes and running the app automatically on startup. The malware then roots the victim's device.
The malware is then free to install unwanted apps and adverts, conduct surveillance and steal personal information.
To avoid becoming an unwitting victim of the malware, you should only download Android mobile applications from the Google Play Store or trusted third parties.