*cheetah mobile*’s writeup (in Chinese): *http://drops.wooyun.org/tips/8923 <http://drops.wooyun.org/tips/8923> *
2015-09-18 16:24 GMT+08:00 Weuzhu Liu <maixiao...@gmail.com>: > http://www.cmcm.com/blog/en/security/2015-09-18/799.html > > Recently, terms like 'Monkey test' and ‘Time service’ have become a > trending topic in the Android community. More and more users have reported > that it's nearly impossible to get rid of these two apps. After days of > research, experts of the CM Security Research Lab successfully discovered > the source of the problem, a virus called ‘Ghost Push.’ > > Disguised as legitimate applications, malware which contains ‘Ghost Push’ > could spread itself widely via commercial SDK or browser ads. This is the > most widespread and infectious virus we've currently seen. So far, ‘Ghost > Push’ has affected 14,847 phone types and 3,658 brands. This virus will > install unwanted and annoying apps on your phone and cannot be removed > easily even by doing a factory reset or using normal antivirus software. > > According to monitoring results from CM Security Research Lab, over 60,000 > android users have been affected within a single day. It's mainly spreaded > through Europe, Russia, the Middle East region, and southern China. > > If your phone gets the virus, it will automatically gain the highest > authority and be able to root your device, and download apps like ‘Monkey > test’ or ‘Time service’ without your permission. This behavior will not > only make your phone slow and drain your battery, but it will also consume > lots of cellular data. With 'Ghost Push' on your phone, it will be able to > do whatever it likes--using that root access. > > As of now, we've discovered 39 apps that contain ‘Ghost Push’: > > WiFi Enhancer > > PinkyGirls > > WordLock > > SettingService > > Sex Cademy > > TimeService > > XVideo Codec Pack > > Fast Booster > > boom pig > > iVideo > > Indian Sexy Stories 2 > > Amazon > > Talking Tom 3 > > WhatsWifi > > Fruit Slots > > Assistive Touch > > Hubii News > > Photo Clean > > Hot Video > > Wifi Speeder > > Accurate Compass > > itouch > > Super Mario > > Lemon Browser > > WiFi FTP > > All-star Fruit Slash > > Light Browser > > SmartFolder > > Multifunction Flashlight > > Ice Browser > > Happy Fishing > > XVideo > > Simple Flashlight > > Assistive Touch > > PronClub > > MonkeyTest > > Memory Booster > > Daily Racing > > Hot Girls > > > *So how can we get rid of it?* > > Clean Master > <https://play.google.com/store/apps/details?id=com.cleanmaster.mguard&referrer=utm_source%3D202004> > and CM Security > <https://play.google.com/store/apps/details?id=com.cleanmaster.security&referrer=utm_source%3Dblog_push> > can > now detect and remove the infection. CM Security Research Lab is also > currently developing a toolkit aimed specifically at ‘Ghost Push’ removal, > which will keep your phone safe. > > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
