HackRead

GhostCtrl Android Malware Records Audio, Video and Spies on Users

July 17th, 2017 Jahanzaib Hassan Security, Android, Malware 0 comments

Perhaps it is not so surprising to see powerful malware now being created to target Android devices. Researchers at Trend Micro recently discovered yet another piece of malicious software that infects Android devices and ends up stealing pretty much anything for the attacker.


The new malware goes by the name of GhostCtrl (a variant of OmniRAT), which Trend Micro identified as ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA. So far, the team has found three versions of the malware, each with certain capabilities.

The first version, as Trend Micro notes, is capable of gaining admin privileges and once the malware is in the system, it automatically starts to evolve so that more of the device can be hijacked.

The second version, on the other hand, has mobile hacking capabilities as it can lock mobile screens while resetting mobile passwords. Furthermore, the second version can virtually take control of the infected phone’s camera and secretly take photos along with videos and upload them to the command-and-control center.

The third version is for making the detection of the malware incredibly difficult since it is associated with a wrapper APK which is used to cover up the actual APK that undertakes all the malicious routines.

Resources.arsc file indicating it’s an OmniRAT variant (Image credit: Trend Micro)


How does it work?

Essentially, the malware comes as fake apps masked with legitimate names such as PokemonGO, WhatsApp, etc. If the app is downloaded, it launches an APK which is the linchpin of the entire malware.

The APK will prompt the user to install the app and the user cannot undo the installation. That is, even if the user tries to cancel the installation, the APK will keep displaying the prompt.

After the APK is installed, the wrapper APK will start to run and allow the actual APK to run in the background.

One of the things that leads the user to think the APK is legitimate is that, once launched, it starts a process named com.android.engine, which makes the app appear to be running a real process.

Subsequently, GhostCtrl connects with its command-and-control center through a domain and receives all sorts of commands that allow the malware to do anything from stealing text messages to manipulating the phone’s camera, browser, Bluetooth, etc.
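A triage check for the masquerading process name described above, as an added example that is not part of the original article or of Trend Micro's report. It assumes process and system-package listings have already been collected from a device and reduced to `USER PID NAME` rows and `package:<name>` lines; the sample data and the second process name are constructed for illustration.

```python
import re

# Process name the article reports GhostCtrl starting after launch.
REPORTED_NAME = "com.android.engine"
# User names of the form u0_a143 belong to installed apps, not OS daemons.
APP_USER = re.compile(r"^u\d+_a\d+$")

def parse_packages(pm_output):
    """Turn 'package:<name>' lines into a set of package names."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def parse_ps(ps_output):
    """Yield (user, pid, name) from 'USER PID NAME' rows, skipping the header."""
    for line in ps_output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1].isdigit():
            yield parts[0], int(parts[1]), parts[-1]

def triage(ps_output, system_pkgs_output):
    """Return (pid, process name, reason) for processes worth a closer look."""
    system_pkgs = parse_packages(system_pkgs_output)
    findings = []
    for user, pid, name in parse_ps(ps_output):
        base = name.split(":", 1)[0]  # drop a ':service' style suffix
        if base == REPORTED_NAME:
            findings.append((pid, name, "reported GhostCtrl process name"))
        elif (base.startswith("com.android.") and APP_USER.match(user)
              and base not in system_pkgs):
            findings.append((pid, name, "com.android.* name, not a system package"))
    return findings

# Constructed sample data (not taken from a real device or from the report).
SAMPLE_PS = """USER PID NAME
system 1201 system_server
u0_a12 2310 com.android.systemui
u0_a57 3120 com.android.chrome
u0_a143 4242 com.android.engine
u0_a150 4300 com.android.updater.helper:push
u0_a98 4401 com.whatsapp
"""
SAMPLE_SYSTEM_PKGS = """package:com.android.systemui
package:com.android.chrome
"""

if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE_PS, SAMPLE_SYSTEM_PKGS):
        print(f"pid {pid}: {name} ({reason})")
```

A hit is a lead for manual review, not a verdict: the second rule only flags app-owned processes that borrow the `com.android.` prefix without being a preinstalled system package.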

How to protect yourself?

Although the malware is quite powerful, the threat can be mitigated by keeping your device updated. Furthermore, Trend Micro recommends that users and organizations apply the principle of least privilege to their devices and systems.

Also, Android users are advised not to download unnecessary apps and use reliable anti-virus software.


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
