Ghost Push Dominates Android Malware

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.


Malware makes up at least one percent of all daily Android app installs, finds study

A single family of malware accounts for most of the current infections on Android devices, according to a new study.

Mobile security firm Cheetah Mobile examined what it said are the two most prevalent Trojan horses on Android – called com.sms.sys.manager and – and found they were slightly altered variants of a single family, known as Ghost Push.

Most devices vulnerable

The two variants were discovered in January, but Ghost Push itself has been around for several years and has been updated a number of times, Cheetah said.

It’s capable of gaining root privileges on most Android devices running software up to and including version 5, known as Lollipop.

The two newer releases, Marshmallow and Nougat, aren’t vulnerable to Ghost Push, but Cheetah found most users are still running the older software.

Because it gains root privileges, the Trojan is able to install itself in such a way that it’s difficult to remove, Cheetah said. It promotes and automatically installs further apps and displays adverts to generate funds.

Platform updates

Based on data from Cheetah’s security products, the study estimated malware accounts for at least one percent of all applications installed on Android each day.

“The actual amount of malware is far more than this,” the firm said.

Most of the malicious programs are spread through porn websites, deceptive short-links and malicious ads.

Users can protect themselves by avoiding unknown third-party links and downloading software only from reputable app stores, such as those of Google or Amazon.

The figures demonstrate the security risk posed by Android’s decentralised model, which means most users don’t have access to regular operating system updates, according to computer security researcher Graham Cluley.

Handsets manufactured by Google have direct access to updates, but those from other companies may not, he said.

“Carriers, smartphone manufacturers and Google all have to work in unison to get an update pushed out to users,” he said. “And they just don’t seem to have enough incentive to pull together in the right direction.”
