Old-school Ghost Push malware could infect half of Android phones

It might have been more than two years since we were first made aware of it, but the trojan malware Ghost Push is still circulating – and more than half of Android phones remain vulnerable to infection.

This vulnerability is largely because more than half of Android phones currently in use still run older versions of Android. Ghost Push is able to infect up to Android version five, Lollipop, which 57% of Android phones still use. 

The malware isn’t able to run on versions six or seven, Marshmallow and Nougat, but far fewer Android users have updated to these operating systems

According to researchers at mobile security firm, Cheetah Mobile, most infections are coming from pirate and open-sourced apps installed from outside the official Google Play store and that “so far, this trojan family represent most infections.”

Update to exorcise

Typically, once the malware has installed itself on a users phone, it will display deceptive or pornographic pages, promote web pages that install more malicious malware, push ads into the Android notification bar, and trick users into paying for malicious third party services. 

In their report on the family of trojans, Cheetah Mobile say that they are “mainly spreading through pornographic websites, deceptive advertising and other third-party webpages. Currently, almost all Android versions except Android 6.0 are at risk of being rooted.”

To avoid the malware, Cheetah Mobile recommend that it’s best to only download trustworthy apps from the Google Play store and to avoid clicking on any third-party links to unknown websites. 

You should also make sure that your phone is running the most up-to-date Android operating system. As soon as an update becomes available it’s advisable to install it. 

Phones which run purer versions of Android tend to receive updates the fastest. 

Of course, this isn't possible for everyone and in such cases it's best to err on the side of caution and install some form of antivirus app. These apps aren't able to stop all attacks but it's best to have an extra layer of security that will regularly scan your phone and alert you to any apps that are asking for excessive permissions.

Emma Boyle

Emma Boyle is TechRadar’s ex-Gaming Editor, and is now a content developer and freelance journalist. She has written for magazines and websites including T3, Stuff and The Independent. Emma currently works as a Content Developer in Edinburgh.