Tuesday , 17 July 2018
Home >> S >> Software >> Android ‘GhostCtrl’ malware can record your chats, files and messages

Android ‘GhostCtrl’ malware can record your chats, files and messages

WITH THE WORLD CRYING OUT FOR A CHUCK NORRIS STRENGTH SECURITY SOLUTION, Trend Micro has found another reason for John McAfee to unleash Sentinel and sort all of this out for everyone.

The issue at Trend Micro is GhostCtrl, a remote access trojan, or RAT, for Android software that like all the best threats lurks in the background and causes its mischief under your nose and unobservant eyes.

GhostCtrl is a variant of OmniRAT, which is piece of malware that can affect Android, Windows, Linux and Mac systems. Trend Micro says that there are three variants of the Ghost out there, and that the third version is a compilation or ‘best of’ the previous two attack methods and their features.

The attack has already proved itself. “The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device,” said Trend Micro’s researchers.

“Detected by Trend Micro as ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA, we’ve named this Android backdoor GhostCtrl as it can stealthily control many of the infected device’s functionalities.”

OmniRat is a sold and bought threat, and GhostCtrl makes use of its much promised one button Android takeover feature and the fact that it usurps known brands, such as WhatsApp, to get installed on Android devices.

“The malware masquerades as a legitimate or popular app that uses the names App, MMS, whatsapp, and even Pokemon GO. When the app is launched, it base64-decodes a string from the resource file and writes it down, which is actually the malicious Android Application Package (APK),” added Trend Micro.

“The malicious APK, after dynamically clicked by a wrapper APK, will ask the user to install it. Avoiding it is very tricky: even if the user cancels the ‘ask for install page’ prompt, the message will still pop up immediately. The malicious APK doesn’t have an icon. Once installed, a wrapper APK will launch a service that would let the main, malicious APK run in the background.” µ

<!–

–>

  • <!–

  • Save this article

  • –>

close
==[ Click Here 1X ] [ Close ]==