Cheetah Mobile has released a warning about a new malware called "Ghost Push" that it has discovered, which infects an estimated 1.3 million Android-based mobile phones per day around the world.
According to the security research lab of Cheetah Mobile, one of the most well-known developers of Android apps and utilities, the malware is being distributed through non-Google app stores and has infected 14,846 types of phones and 3,658 brands.
Most of the affected users are residents of countries like China, United States, India and Mexico, with some users being from Taiwan.
Cheetah Mobile's security researchers claim to have found Ghost Push after frequently running into support topics on Android forums wherein users were asking for help to remove apps that they could not uninstall.
After examining the apps reported on the forums, the researchers found malware in the code that managed to install itself in the read-only memory (ROM) of its victim's phone.
The method by which the malware infected Android phones allowed it to become boot-persistent, automatically restarting with the phone's restarts. This meant that countermeasures usually taken, including starting the device in safe mode or restoring factory settings, would not be enough to remove the malware permanently from the phone.
While infecting the phone, Ghost Push slows it down, drains its battery and consumes large amounts of cellular data.
Cheetah Mobile claims that it has detected 40 apps with Ghost Push, including MokeyTest, SmartFolder and TimesService. The company claimed that its products Clean Master and CM Security could easily detect the infection.
Cheetah Mobile also claims to offer users a way to delete the malware using Stubborn Trojan Killer, an app available on Google Play Store that provides step-by-step instructions to delete the malware manually.