Since a while, the Android platform of Google has been the target to a host of ransomware, malware, and malicious attacks. Also, reports of malware named LeakerLocker, SpyDealer, and CopyCat were hitting the news recently. And now in line is yet another attack vector been identified by Trend Micro’s cyber-security analysts, called as GhostCtrl. They describe it to be a backdoor worm that quietly controls numerous functionalities of affected Android devices. And to further worsen the situation, they also added that this susceptibility will continue advancing while furtively recording voice or audio and send in an encrypted manner to the attacking server.
The analysts have described that the GhostCtrl Android malware has 3 variants; in which the first can steal data from the device and regulate few of its components, the second can add additional features to favor a threatening device takeover, and the third fuses the finest of the prior two and add on more features. Remarkably, the GhostCtrl worm is an extension of the susceptibility that previously affected the ill-famed OmniRAT platform and Israeli hospitals that, back in 2015, was in news for claiming huge activities and remote-controlling Linux, Mac, and Windows systems through any Android handset and vice versa.
The GhostCtrl backdoor tricks as an authentic app such as the well known Pokemon Go and WhatsApp. On the launch of the app, it heads to put in a malicious APK package in the device. Actually, the malicious APK is hidden within a wrapper APK that will request the consumer to install it. Once this is implemented, the attackers will be capable of saving all the information and regulating the device by binding an array of instructions without the acknowledgment of the user.
The report of Trend Micro features few of the executable actions/commands that enable the attackers to operate the functionalities of the device. Apart from operating the devices’ basic functions, the GhostCtrl can also play and alter diverse sounds and reset passwords on the device. The report says, “The information GhostCtrl pilfers is wide in comparison to other Android data stealers. In addition to the aforesaid data categories, GhostCtrl can also steal data such as username, Android OS version, battery, Wi-Fi, audio states, Bluetooth, sensor, UiMode, browser, data from camera, searches, activity information, service processes, and wallpaper.”
Thus, to control the GhostCtrl and other analogous worms, a list of actions is detailed by Trend Micro that the user should follow to certify data safety. Some of them comprise backing up the files within definite intervals, limiting user consents for apps, and upgrading the device to the newest firmware. For improved data management, users can also shift to multilayered security mechanisms.