The scary scenario of the spread of GhostCtrl malware on Android devices
Currently, there is only one variant of GhostCtrl malware on Android that shakes the world of cyber security. How does this variation work and how to prevent it? Please follow the article for more details!
The growing number of people who buy and use smartphones, especially Android, makes these devices an attractive target for hackers to create malware. New strains of malware (malware) are frequently created but a special strain of viruses has shocked the cyber security world.
With the name GhostCtrl - this is the third time this malicious code has hacked the Android system. However, unlike the previous two versions, the new variant of GhostCtrl has much more frightening features.
- Summary of effective Anti-Ransomware software
- With the NMR's 15 free Ransomware decoding tools, you won't need to ransom the file anymore
The way GhostCtrl spreads
GhostCtrl infiltrates the victim's device when they install an infected APK file, which is usually anonymous under a popular application like WhatsApp or Pokémon Go. When the user installs it, the APK will display the installation message as usual. However, if the user refuses to install, that message will reappear.
When a user clicks on a setting to end up annoying messages, the virus infects the system itself using backdoor. After that, it will open a communication channel to the hacker server - C&C server. C&C is an acronym for "command and control" and is used in bonet operations to send commands to infected devices. Thus, when a phone is infected with GhostCtrl, it receives commands from malware distributors via the C&C server.
What does GhostCtrl do?
GhostCtrl's scariest point is not how it spreads. TrendLabs has a complete list of all action codes that hackers can send to GhostCtrl via C&C server and what each code does. Here is an example of some of the activities that GhostCtrl does:
- Real-time monitoring of phone sensor data.
- List the file information in the current directory and upload it to the C&C server.
- Delete the file in the specified directory.
- Send SMS / MMS to the specified number of hackers (content can be customized).
- Call the phone number that the hacker specifies.
In addition, TrendLabs also said GhostCtrl can also steal information stored on the phone. Stolen data may include information about Android version, browser history and camera data. Not only that, it can also track and upload SMS logs and call logs.
Depending on the hacker designation, GhostCtrl is also capable of performing a ransomware attack. It can change all passwords and PINs on infected devices then "blackmail" users.
So what to do to prevent it?
There are a few simple precautions that can help you not become a victim of this attack.
As mentioned above, GhostCtrl works as an infected APK file. Therefore, users can put themselves at risk of downloading APK files from an unknown source. For example, users can be redirected to third party APK sites. Therefore, you should stay away from APK sites and not download suspicious applications even when they are downloaded in the Google Play store.
Installing a reputable antivirus program will also help you prevent malicious code from infecting your system. Besides, you can also use mobile firewall to alert you and prevent malicious software from reaching its goal.
Hopefully the information above will help you be safe from this malicious code!
You should read it
- Appearing dangerous Android malicious code specializing in stealing chat content on Facebook Messenger, Skype ...
- 10 million Android devices are preinstalled with malicious code from the factory
- 14 games on the App Store contain malicious code, iPhone users be careful
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger
- Detect new malicious code to attack Android device
- Discover a new kind of malicious code that can record the phone call to extort money
- Malware Judy attacked more than 36.5 million Android phones
- Discovered a new line of malicious Android code that steals user data on the electronic application market
- Discovered a group of hackers who use secret code to spy on 21 countries
- Disable malicious HiddenTear Ransomware with HT Brute Forcer
- Series of Android applications contain malicious code you should remove immediately from your device
- Android apps contain malicious code that uses motion sensors to avoid detection
Maybe you are interested
How to replace console gaming with iPhone 'Brain-eating monster' is less than 20cm long and eats 3,000 mice every year? Microsoft is phasing out 32bit support for Windows 10 How to record audio files in Windows 10 How to avoid traffic jams with the latest Google Traffic MEmu software - Add options to play Android games on your computer