Android users beware! This malware records your calls and videos
A terrifying new ransomware is attacking Android smartphones that can secretly record users' activities, including calls, messages, audios, videos, etc. Japanese cyber-security company Trend Micro said 'GhostCtrl' disguises itself as common apps like WhatsApp and even Pokemon GO. The virus takes over the phone, resets passwords, locks the device, and controls many functionalities of the infected device. How to protect your phone? Find out!
Israeli hospitals attacked
GhostCtrl, according to Trend Micro, is just another variant of the info-stealing worm 'RETADUP' that had affected two hospitals in Israel on 27 June. RETADUP was part of a dangerous attack that is now targeting Android phones.
How does GhostCtrl attack phones?
GhostCtrl tricks users into downloading malware masquerading as legitimate apps. After launching the app, "ask for install" message prompts users to install the malicious APK, masked by a wrapper APK. Once executed, it will secretly enable hackers to take control of the device or retrieve all data through a set of commands. Even if users cancel the installation, the message keeps popping up immediately.
What can the virus do to your phone?
The malicious APK has no icon but runs in the background. Its backdoor functions are named com.android.engine to mislead users into thinking it's a system application. It helps cyber-criminals steal, encrypt and upload to C&C servers sensitive/valuable data, including SMS/call records, contacts, browser data, images/videos, usernames/passwords, Wi-Fi, Bluetooth, location/activities, SIM serial numbers, OS version, UIMode, etc. It can intercept messages and stealthily record audios/videos.
The three versions of GhostCtrl
The first version of the virus steals data and controls some of the device functionalities. The second one adds more features to help hijack the device. Adding some more features, the third version combines the best of the first two versions' features.
How can you protect your Android smartphone?
Trend Micro said they expect the virus to evolve further. They gave a detailed list of steps/practices that could help users ensure the protection of data from GhostCtrl and other similar viruses. Some of them include backing up the device data regularly and updating the firmware on the phone. Users should also restrict app permissions and deploy multilayered security mechanisms to manage data better.
Past attacks on the Android platform
Tech giant Google's Android platform has been a victim to a host of ransomware, malware, and malicious attacks even in the past. Some of such malware that affected Android phones in the recent past include SpyDealer, LeakerLocker, and CopyCat.