PUT YOUR ANDROID whatever back in its sand bucket. It is facing another threat. This one is spooky sounding and has been dubbed Ghost Push by Yang Yang and Jordan Pan of the Trend Micro security labs outfit.
The threat presents itself to people who download things from untrusted third-party stores, which is not everyone, and seems to behave in a way that is sophisticated - unlike perhaps people who download things from untrusted sites. Ghost Push is not new and neither is this method of infection.
"Halloween is still a month from now yet Android users are already being haunted by the previously reported Ghost Push malware, which roots devices and makes them download unwanted ads and apps. The malware is usually packaged with apps that users may download from third-party app stores," said Yang and Pan.
"Further investigation of Ghost Push revealed more recent variants which, unlike older ones, employ routines that make them harder to remove and detect."
Pan and Yang said that there are some 20 variants of Ghost Push in the wild, and that the threat has been active since April. It has ramped itself up during September and is presenting the worst side of itself in India and Indonesia, where 32 and 24 percent of infected devices can be found.
Trend does not think that this ghost theme is related to the XcodeGhost malware that bothers iOS users, but it does think that someone quite sophisticated is behind the attacks.
"It is likely that a team of cyber criminals are behind Ghost Push and they are not exactly new to the malware creation industry," the researchers wrote.
"This group has already published 658 different malicious applications (1,259 different versions) in third-party app stores unrelated to Ghost Push. One of these apps has infected more than 100,000 devices, two more than 10,000 and seven more than 1,000."
Third-party download sites are the reason for most of the affected devices and applications, but Yang and Pan said that a couple made it through to the official Google Play store.
"We also found two legitimate apps unrelated to Ghost Push that the same creators published on Google Play, which have since been removed," they said, explaining that these apps accumulated some 10,000 downloads before being pulled.
"These show that this group possesses ample technical knowledge to effectively victimise thousands of devices and evade detection," Yang and Pan said.
Once a device is infected the malware can launch other applications and services and steal personal information. µ
Looks like someone pressed the wrong button on the routing machine
Half-Life 3 VR anyone
Whilst some old favourites graduate to the main browser