Ghost Push Dominates Android Malware

A single family of malware accounts for most of the current infections on Android devices, according to a new study.

Mobile security firm Cheetah Mobile examined what it said are the two most prevalent Trojan horses on Android – called com.sms.sys.manager and com.al.alarm.controller – and found they were slightly altered variants of a single family, known as Ghost Push.

Most devices vulnerable


The two variants were discovered in January, but Ghost Push itself has been around for several years and has been updated a number of times, Cheetah said.

Ghost Push is capable of gaining root privileges on most Android devices running software up to and including version 5, known as Lollipop.

The two newer releases, Marshmallow and Nougat, aren’t vulnerable to Ghost Push, but Cheetah found most users are still running the older software.

Because it gains root privileges, the Trojan is able to install itself in such a way that it’s difficult to remove, Cheetah said. It promotes and automatically installs further apps and displays adverts to generate funds.

Platform updates

Based on data from Cheetah’s security products, the study estimated malware accounts for at least one percent of all applications installed on Android each day.

“The actual amount of malware is far more than this,” the firm said.

Most of the malicious programs are spread through porn websites, deceptive short-links and malicious ads.

Users can protect themselves by avoiding unknown third-party links and downloading software only from reputable app stores, such as those of Google or Amazon.

The figures demonstrate the security risk posed by Android’s decentralised model, which means most users don’t have access to regular operating system updates, according to computer security researcher Graham Cluley.

Handsets manufactured by Google have direct access to updates, but those from other companies may not, he said.

“Carriers, smartphone manufacturers and Google all have to work in unison to get an update pushed out to users,” he said. “And they just don’t seem to have enough incentive to pull together in the right direction.”


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
