The scary scenario of the spread of GhostCtrl malware on Android devices

The growing number of people who buy and use smartphones, especially Android, makes these devices an attractive target for hackers to create malware. New strains of malware (malware) are frequently created but a special strain of viruses has shocked the cyber security world.

With the name GhostCtrl - this is the third time this malicious code has hacked the Android system. However, unlike the previous two versions, the new variant of GhostCtrl has much more frightening features.

1. Summary of effective Anti-Ransomware software
2. With the NMR's 15 free Ransomware decoding tools, you won't need to ransom the file anymore

The way GhostCtrl spreads

GhostCtrl infiltrates the victim's device when they install an infected APK file, which is usually anonymous under a popular application like WhatsApp or Pokémon Go. When the user installs it, the APK will display the installation message as usual. However, if the user refuses to install, that message will reappear.

The scary scenario of the spread of GhostCtrl malware on Android devices Picture 1

When a user clicks on a setting to end up annoying messages, the virus infects the system itself using backdoor. After that, it will open a communication channel to the hacker server - C&C server. C&C is an acronym for "command and control" and is used in bonet operations to send commands to infected devices. Thus, when a phone is infected with GhostCtrl, it receives commands from malware distributors via the C&C server.

What does GhostCtrl do?

GhostCtrl's scariest point is not how it spreads. TrendLabs has a complete list of all action codes that hackers can send to GhostCtrl via C&C server and what each code does. Here is an example of some of the activities that GhostCtrl does:

1. Real-time monitoring of phone sensor data.
2. List the file information in the current directory and upload it to the C&C server.
3. Delete the file in the specified directory.
4. Send SMS / MMS to the specified number of hackers (content can be customized).
5. Call the phone number that the hacker specifies.

In addition, TrendLabs also said GhostCtrl can also steal information stored on the phone. Stolen data may include information about Android version, browser history and camera data. Not only that, it can also track and upload SMS logs and call logs.

Depending on the hacker designation, GhostCtrl is also capable of performing a ransomware attack. It can change all passwords and PINs on infected devices then "blackmail" users.

So what to do to prevent it?

There are a few simple precautions that can help you not become a victim of this attack.

As mentioned above, GhostCtrl works as an infected APK file. Therefore, users can put themselves at risk of downloading APK files from an unknown source. For example, users can be redirected to third party APK sites. Therefore, you should stay away from APK sites and not download suspicious applications even when they are downloaded in the Google Play store.

Installing a reputable antivirus program will also help you prevent malicious code from infecting your system. Besides, you can also use mobile firewall to alert you and prevent malicious software from reaching its goal.

The scary scenario of the spread of GhostCtrl malware on Android devices Picture 2

Hopefully the information above will help you be safe from this malicious code!