GhostCtrl: The Android Backdoor That Could Ruin Everything

While a large variety of mobile threats exist, especially for Android users, the GhostCtrl backdoor is capable of damage at an alarming rate. The possibilities are dangerous . . . but what’s even more alarming is that they’re more likely to infect us than not.

Trend Micro researchers have deduced that the backdoor has “cycled through three iterations” and the latest is “especially capable, as it can steal all kinds of information, is ‘hauntingly persistent’, and can take complete control of the device”.

The terrifying part is that the GhostCtrl backdoor is only one of thousands of possibilities, as it’s based on the multiplatform OmniRAT – popular on darknet black markets. It can cost anywhere from $25 to $75.

“Its C&C communication is encrypted, and the commands it receives contain action code and Object DATA, which, according to the researchers, ‘enables attackers to specify the target and content, making this a very flexible malware for cybercriminals.’”

For security purposes, the possibilities of GhostCtrl need to be addressed. The backdoor is capable of any of the following things:

  • Monitor a phone’s sensor data in real time
  • Download pictures as wallpaper & files in general
  • Upload a specific file to the C&C server
  • Send personalized SMS/MMS to a number indicated by the invader
  • Control the system infrared transmitter
  • Secretly record audio and/or video
  • Use the text-to-speech feature
  • Clear/reset the password of an account indicated by the invader
  • Make a phone play different sound effects
  • Terminate an ongoing phone call
  • Use Bluetooth to search for and connect to other devices

The most common form of GhostCtrl is a phony app. The backdoor can be disguised as WhatsApp, Pokemon Go, or literally anything else. After it’s installed, the malware can conceal itself from victims by hiding its icon.

The easiest way to avoid downloading malware like GhostCtrl is to use your common sense. Don’t install apps from third parties. Read the reviews. Do your research. And if nothing else: make sure you have a backup of your mobile data “just in case”.
