More than two years have passed since the existence of Ghost Push, one of the world's most prolific pieces of Android malware, was made public, but millions of devices are still vulnerable.
The potent trojan, which makes its way onto user devices through third-party app offerings, can infect Android up to version five (Lollipop), still used by about 57 percent of all users.
According to Cheetah Mobile researchers, most infections come from malware-laced installations of pirated and open source apps offered outside of the Google Play store.
"So far, this trojan family represents most infections," the researchers with the popular Chinese antivirus firm said.
In its report on the family of trojans, Cheetah Mobile says the trojans are "mainly spreading through pornographic websites, deceptive advertising and other third-party web pages. Currently, almost all Android versions except Android 6.0 are at risk of being rooted."
To avoid the malware, the firm recommends downloading only trustworthy apps from the Google Play store and not clicking on any third-party links to unknown websites.
"As these root Trojans are very difficult to remove, and they often update the ads or root SDK automatically, there is a stable bunch of 'users,'" the researchers note. "Through pushing ads and distributing apps to these users, the Trojans can make profits constantly."
However, Android users with updated devices have no need to worry, as Ghost Push does not work on Android Marshmallow 6.0 or Nougat 7.0.