Receiving a Ghost Push Malware alert
You may have recently received a letter and/or email from Virgin Media explaining that we have been notified that an Android device on your network contains malware named Ghost Push. If you have received such a communication from us, please follow the advice given on this page to resolve the issue.
Ghost Push is a form of Trojan that specifically targets the Android operating system. The malware is mainly distributed through applications downloaded from untrusted third parties, but can also be hidden in applications downloaded from official markets such as Google Play.
The Ghost Push malware is designed to gain total root access to devices and download malicious software which can steal personal and financial information. A newer variant of the malware, known as Gooligan, has the ability to gain access to your Google accounts such as Google Play, Gmail, Google Drive etc. Steps to remove the malware should be taken as soon as possible to ensure your personal and financial data is not compromised.
What has happened?
We work with a number of not-for-profit organisations across the banking industry and security sectors that collate information on devices across the Internet that are infected with malware. They have notified us that an Android device on your home Internet connection (or one connected to your home network) is infected with malware.
Your financial transactions and personal data could be at risk. It is therefore important that you follow the advice in this article.*
Want a hand fixing your home devices?
If you require expert assistance to deal with this issue why not use our payable Gadget Rescue** service to help secure your home devices? Gadget Rescue operates 24/7 and solves 99% of digital issues from smart phones to digital cameras.
Want to fix the issue yourself?
We’re here to help and if you have a basic knowledge of computers and connected devices there are a number of steps you can take to secure your home network.
Please apply these steps in order:
1 - Check to see if your device has an infection 1 - Check to see if your device has an infection
The easiest way to do this is by using an anti-virus scanner; some suggested are;
You can find these and other virus scanners on the Google Play Store.
Check Point, a threat research and security insights blog, provides a website where it’s possible to check if your Google account has been affected by Gooligan:
2 - Restore to Factory settings 2 - Restore to Factory settings
If it is found that your device has the Ghost Push malware, the only method to completely clear your device of the infection is to restore to factory settings. However, it is very important to note that restoring your device to factory settings will delete all of your personal data.
For information on how to perform a factory reset, please refer to the user manual for your device or consult the manufacturer’s website.
3 - Flash the firmware 3 - Flash the firmware
If a complete factory reset does not completely removed the infection, it may be necessary to re-flash the firmware on your device, this will essentially reinstall a clean version of the operating system. This is a complex process and we recommend taking your device to a certified engineer.
4 - Change your Google account passwords 4 - Change your Google account passwords
Changing the passwords for your Google accounts will reset the authorisation tokens for your device. This will ensure that any tokens obtained by the malware will no longer be valid and will prevent malicious third parties from continuing to access your accounts.
How can I protect myself in future?
- Ensure your operating system (OS) is up-to-date
- Install an anti-virus and have it automatically scan your device on a regular basis
- Only download applications from Google Play or trusted third parties
- Read reviews of the applications you want to download. If the application asks for too much personal data or for permissions that it doesn’t need, avoid it
Where can I find further information and advice?
If you’d like further advice then our forum community will be happy to help. Just visit virginmedia.com/community and join the conversation on our Security Matters board.
You can find general security advice and articles on other vulnerabilities by checking Security Hub at virginmedia.com/securityhub
Virgin Media supports Internet Matters: a not-for-profit organisation working with online safety experts to bring you all the information you need to help keep your children safe online.
For more information about Internet Matters, please click here
* These fixes are provided as a courtesy and we are not responsible for any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.
** Minimum system requirements and Acceptable Use Policy apply. Gadget Rescue is available on a monthly subscription basis (6 month minimum term applies) or as a "One-Off Fix" service. Gadget Rescue terms and conditions apply.
*** These links to external sites are provided as a courtesy and we are not responsible for the content of these sites or any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.