Saturday , November 18 2017

GhostCtrl Android Malware Silently Recording And Spying on You

Attacks on Android devices have become very common these days. Researchers at Trend Micro recently discovered one such threat, known as GhostCtrl Android malware. This time, the malicious software used to attack Android devices has the capability to access and steal pretty much everything on your device.

What is GhostCtrl Android Malware?

This malware goes by the name GhostCtrl; the researchers at Trend Micro detect it as ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA. It is a variant of OmniRat and has had three different versions so far. Each version has unique capabilities.

The first version bypasses the admin and, once inside the system, evolves so that more of the device can be hijacked.

The second version can hack mobiles. It can lock mobile screens while resetting passwords. Furthermore, it takes control of your camera and captures pictures and videos, which it uploads to the command-and-control center.

The third version is hard to detect. It comes with a wrapper APK that is used to cover up the actual APK, which carries out all the malicious routines.

The inside out of GhostCtrl

This malware hides in fake apps that use the names of legitimate apps such as WhatsApp. Once you accidentally download one of them, an APK is launched which is the linchpin of the entire malware.

The APK then prompts the user to install the app. The user cannot get out of this installation, because the APK keeps displaying the prompt even if you try to cancel it.

Once the installation is complete, the wrapper APK takes control, and the original APK runs in the background.

The APK deceives the user by starting a process called com.android.engine, which looks like a real system process, so the user believes that it is a legitimate application.

Eventually, GhostCtrl connects to its command-and-control center through a domain and receives commands through which the malware can gain access to and manipulate text messages, the phone’s camera, browser, Bluetooth, etc.
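The com.android.engine disguise described above works because the name borrows the platform's com.android.* namespace. The following is an added triage example, not code from Trend Micro or from the original article: it flags running processes in that namespace that are not backed by any package on the system image. It assumes you have saved the output of `pm list packages -s` and of `ps` from the device; the sample data and all function names are constructed for illustration.

```shell
# Constructed sample of `pm list packages -s` output (system-image packages).
sample_system_pkgs() {
cat <<'EOF'
package:com.android.systemui
package:com.android.phone
package:com.android.chrome
EOF
}

# Constructed sample of Android `ps` output: USER is first, NAME is last.
sample_ps() {
cat <<'EOF'
USER      PID   PPID  VSZ     RSS    WCHAN  ADDR S NAME
system    1432  701   4512344 210332 0      0    S system_server
u0_a41    2101  701   4310012 98120  0      0    S com.android.systemui
radio     2210  701   4120988 60212  0      0    S com.android.phone
u0_a63    3377  701   4250100 77008  0      0    S com.android.chrome:sandboxed_process0
u0_a152   4810  701   4198744 55120  0      0    S com.android.engine
u0_a160   4922  701   4205512 61300  0      0    S org.example.notes
EOF
}

# find_lookalikes SYSTEM_PKG_FILE PS_FILE   (hypothetical helper)
# Prints "USER PID NAME" for every com.android.* process whose base name
# matches no system package. A heuristic: review each hit, do not auto-remove.
find_lookalikes() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF from adb captures
        NR == FNR { sub(/^package:/, ""); sys[$1] = 1; next }
        FNR == 1 { next }                  # skip the ps header row
        {
            name = $NF; base = name
            sub(/:.*/, "", base)           # "pkg:service" -> "pkg"
            if (base ~ /^com\.android\./ && !(base in sys))
                print $1, $2, name
        }
    ' "$1" "$2"
}

# Run the check over the constructed samples.
run_demo() {
    tmp=$(mktemp -d) || return 1
    sample_system_pkgs > "$tmp/sys"
    sample_ps > "$tmp/ps"
    find_lookalikes "$tmp/sys" "$tmp/ps"
    rm -rf "$tmp"
}

run_demo
```

On the constructed data only the com.android.engine row is reported; the sandboxed Chrome process is matched to its package and passes.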

Some important safety measures

Updating your device at regular intervals will lessen the chance of compromise. Moreover, you are advised to configure your devices and systems for least privilege. Always use reliable anti-virus software on your devices, and do not download unnecessary apps.

About Ahmad Mukhtar

Hackist keeps an eye out on latest exploits, vulnerabilities, and research in information security around the globe.
