New malware infects Play Store apps, nests itself in phone's root folder and downloads endless ads

Android developer Cheetah Mobile — known for products, such as Clean Master, CM Launcher, CM Security, and Battery Doctor — reports that it has discovered a nasty malware lurking in apps found in the official Play Store. Dubbed Ghost Push, it's a nasty, nasty trojan, which will reportedly nest itself in the phone's root folder and refuse to be removed unless special tools are used.

The malware is reported to have branched up in many variants, and is distributed through popular apps in forums, 3rd party app stores, and even Google's official Play Store. It is said that 900,000 Android devices across 116 countries have been infected. Apps that carry the trojan are repackaged versions of various calculators, smart or assistive touch apps, Talking Tom 3, and many others – usually popular software solutions that users would easily trust. Thankfully, the infected apps have been reportedly pulled from the Play Store and more popular app stores at the time of writing this article.

What Ghost Push and its branched-out siblings would do is they would nest themselves in the user's phone and then begin pushing ads, even installing other infected apps on the device. The end goal is to push as many ads as possible and the report suggests that the hackers have been making more than 4 million dollars per day.

Cheetah Mobile claims to have developed a tool that can find and get rid of Ghost Push infecting your device. You can find a link to its Play Store page below.

Download Ghost Push Trojan Killer



1. namesib

Posts: 97; Member since: Feb 08, 2015

I'm not downloading anything from this company.

22. Swordylove

Posts: 209; Member since: Jun 27, 2015

Sorry for noob question, but what's wrong with them?

2. Captain_Doug

Posts: 1037; Member since: Feb 10, 2012

4 million a day? Sounds like I should become a hacker. Although really, has anybody actually been a target of malware? I've been using android phones for 5+ years and have never dealt with any of this stuff and I do some shadier stuff like sideloading apps and using third party app stores.

14. Tizo101

Posts: 572; Member since: Jun 05, 2015

I would like to know someone who got affected by all these malware, viruses or whatever they want to call them. I haven't seen any of these things first hand (since 2011)

15. Arch_Fiend

Posts: 3951; Member since: Oct 03, 2015

I've Never Had A Problem Either And I Use 3rd Party App Stores An Apk Downloads All The Time, Have Been Since 2010.

33. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

I get to deal with them weekly actually. So much so that we have several articles on how to remove them. The latest one I dealt with was one that looked like a booster. It was a black box with a white rocket. Forget the name at this time (i deal with many different forms and the names change constantly), but it was downloading apps all by itself. We found and confirmed 25 unwanted app downloads. This is nothing new. From FBI porn lockout, to various others that may not prop up on sites like this. Its a crappy customer interaction because half of them have now clue how it got there and they think the carrier did it. And they loose trust in the device and want a warranty exchange which isn't always liked for simple software. But if a reset will not fix because of a root infect, then there is no other option for us.

3. Biernot unregistered

hey you have 10000 trojan on your phone download our app. Nice try ^^

4. ArtSim98

Posts: 3535; Member since: Dec 21, 2012

4 million a day? Damn.

5. vivaapple

Posts: 31; Member since: Jun 02, 2015

Android serves it right.

23. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

Is android an evil OS that does evil things to people? I do not get your logic of android deserving something like this. Put your hate on the ones developing the trojans, troll

6. tacarat

Posts: 854; Member since: Apr 22, 2013

So far I'm seeing the problem coming from side loaded or pirated apps. Even jail broken iPhone have that. I'm more curious about infected apps in the play store. Verification would be nice.

7. RebelwithoutaClue unregistered

The source is cheetah mobile? Hahaha I'll pass. Was very fond of Quickpic until they sold out to these guys and deleted it.

8. Captain_Doug

Posts: 1037; Member since: Feb 10, 2012

It's still in the Play store. What do you mean they deleted it?

11. RebelwithoutaClue unregistered

I was very fond of Q.. I deleted it

13. Captain_Doug

Posts: 1037; Member since: Feb 10, 2012

It still works doesn't it? Who cares who owns it. Just don't update it.

28. RebelwithoutaClue unregistered

Sorry but when I see an update I need to install it..

19. hafini_27

Posts: 951; Member since: Oct 31, 2013

Just stay on 4.5.2 version. I can't find another gallery viewer as powerful and lightweight as Quickpic. Suck that it is now owned by freaking Cheetah Mobile though.

29. RebelwithoutaClue unregistered

I do miss it, I can always try and break the playstore link using Titanium, I can't stand seeing an update and not updating it

9. GoBears

Posts: 456; Member since: Apr 27, 2012

My ass nobody makes money from Android!

10. JC557

Posts: 1921; Member since: Dec 07, 2011

Cheetah Mobile also develops the CM Browser that you guys suggested as a fast browsing alternative some time ago.

12. kajam

Posts: 221; Member since: Jun 24, 2015

Where is the iSheep ????

16. King_bilo

Posts: 115; Member since: May 20, 2015

Still in bed

25. Zylam

Posts: 1817; Member since: Oct 20, 2010

Android has malware that makes hackers money and you're calling for the isheep? To tell him what that Android has malware?

17. Podrick

Posts: 1285; Member since: Aug 19, 2015

Somebody makes money with Android.

18. Acer_Predator unregistered

This is horrible .. these days you have no idea what is happeningwith our device.. and in future it will be x10 sophisticated.. Snowden said yhey can enable your mic in android phone or iphone while you have it in pocket.. really ridiculous!

20. Odeira

Posts: 300; Member since: Jun 29, 2012

Why do I have this gut feeling that Cheetah Mobile is the one CREATING all these malware and viruses so people are "compelled" to download their blood sucking antivirus and cleansing utilities, when all you really need to prevent ANY form of malware and virus is KNOW WHAT YOU'RE DOING IN THE FIRST PLACE...?

34. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

I wouldn't be surprised. Lately at my job, people with multiple issues all have CM software installed. Once issues.


Posts: 1168; Member since: Oct 05, 2015

I use third party apps because they allow things that go beyond the normal user experience. No one that doesn't have a rooted phone and knows about this stuff should be downloading third party apps anyways. If you're rooted, there's no reason why you shouldn't have a firewall anyways. Even if it downloaded itself (somehow), it wouldn't be able to do anything to your system. Firewall will alert you to any app that's downloaded, in order to get Internet permissions. Then you politely say "h3ll to the no. Deleted."

24. LikeMyself

Posts: 631; Member since: Sep 23, 2013

I'm pretty sure they themselves made that and then 'discovered' to make them look like a good company. Hate cm and even more now that they have QuickPic in their hands. For the 1st time quickpic has more incremental version number. It only had x.x.x before and now x.x.x.xxxxxxxxxxx

26. Mfa901

Posts: 291; Member since: Jul 14, 2012

CM is a troll company...they bought quickpic and ruined it. now i have downloaded an older version from xda and also blocked it in firewall :I

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.