
Trend Micro Security Firm Has Uncovered A New Android Malware That Exists In Three Different Versions And Steals Your Private Data

Security firm Trend Micro has uncovered a new Android malware that exists in three different versions. Called GhostCtrl, this malware lets an attacker remotely control your Android device and steal your data. It also gives the attacker the power to record audio/video and upload it to the malware's C&C server. The second version of GhostCtrl Android malware can also act as ransomware.
This Android malware has been named GhostCtrl because it can take control of your Android smartphone. It is based on the popular RAT (Remote Access Trojan) OmniRAT, which can remotely control machines running Windows, Linux, and macOS.
Like many other Android malware families, GhostCtrl hides behind the curtains and masquerades as popular apps like WhatsApp, MMS, Pokemon Go, etc. The main APK of the malware has backdoor functions, which are named com.android.engine to mislead users.
After connecting to the command and control (C&C) server, it receives encrypted instructions that are decrypted locally. To hide its traffic, the malware connects to a domain instead of talking directly to the C&C server's IP address.
Some of the notable actions performed with the action codes included in the commands are:
  • Controlling WiFi
  • Delete/rename a file
  • Upload a file to C&C server
  • Monitor phone’s sensor data
  • Delete browser history, SMS
  • Send SMS/MMS to any number
  • Make a call to any number
  • Run a shell command and upload the result
That's not all. GhostCtrl Android malware can also record voice or audio from the phone and upload it to the C&C server. The stolen data is encrypted before it is uploaded.
It should be noted that there are three different versions of GhostCtrl in the wild. The second version is more advanced, with function codes for interfering with the device at the admin level.
The second version of GhostCtrl Android malware can also act as mobile ransomware. It has the ability to lock the device screen, reset the password, and perform rooting. The third version has more advanced capabilities for hiding its malicious routines, which makes detecting GhostCtrl even more challenging.
To stay safe and mitigate threats like GhostCtrl Android malware, Trend Micro advises users to keep their devices updated and apply the principle of least privilege. They are also advised to perform regular backups and use techniques like encryption and firewalls.
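Because the backdoor borrows a platform-style name (com.android.engine), one practical check on a device is to look for user-installed packages that claim the platform namespace. The following Python sketch is an added example, not code from Trend Micro or the original article; it assumes the input is the text output of `adb shell pm list packages -f -3` (third-party packages only), and the sample listing, the prefix list and the function names are constructed for illustration.

```python
import re

# Package name the article reports for GhostCtrl's backdoor component.
REPORTED_NAME = "com.android.engine"
# Assumption of this example: these prefixes are conventionally used by
# platform components, so a third-party package using them is suspicious.
PLATFORM_PREFIXES = ("com.android.", "android.")

# Lines look like "package:<apk path>=<package name>". Newer Android releases
# put '=' inside the path, so the name is whatever follows the LAST '='.
LINE_RE = re.compile(r"^package:(?P<path>.+)=(?P<name>[A-Za-z0-9_.]+)$")

# Constructed sample of `pm list packages -f -3` output (not real device data).
SAMPLE_LISTING = """\
package:/data/app/com.whatsapp-1/base.apk=com.whatsapp
package:/data/app/~~c0nstructed==/com.android.engine-AbCd==/base.apk=com.android.engine
package:/data/app/org.example.notes-2/base.apk=org.example.notes
package:/data/app/com.android.helper-1/base.apk=com.android.helper
"""

def parse_pm_list(text):
    """Return (apk_path, package_name) pairs, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append((match.group("path"), match.group("name")))
    return entries

def triage(third_party_listing):
    """Flag third-party packages that use a platform-style package name."""
    findings = []
    for path, name in parse_pm_list(third_party_listing):
        if name == REPORTED_NAME:
            findings.append((name, path, "matches reported GhostCtrl package name"))
        elif name.startswith(PLATFORM_PREFIXES):
            findings.append((name, path, "third-party app using platform namespace"))
    return findings

if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LISTING):
        print(f"{name}: {reason} ({path})")
```

A hit is a triage lead rather than proof of infection, and a clean result does not rule out a variant that uses a different package name.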
