While a large variety of mobile threats exist, especially for Android users, the GhostCtrl backdoor is capable of damage
at an alarming rate. The possibilities are dangerous . . . but what’s
even more is that they’re more likely to infect us than not.
Trend Micro researchers have deduced that the backdoor has “cycled through three iterations” and the latest is “especially capable, as it can steal all kinds of information, is ‘hauntingly persistent’, and can take complete control of the device”.
The terrifying part is that the GhostCtrl backdoor is only one of thousands of possibilities, as it’s based on the multiplatform OmniRAT – popular on darknet black markets. It can cost anywhere from $25 to $75.
The easiest way to avoid downloading malware like GhostCtrl is to use your commonsense. Don’t install apps from third parties. Read the reviews. Do your research. And if nothing else: make sure you have a back-up of your mobile data “just in case”.
Trend Micro researchers have deduced that the backdoor has “cycled through three iterations” and the latest is “especially capable, as it can steal all kinds of information, is ‘hauntingly persistent’, and can take complete control of the device”.
The terrifying part is that the GhostCtrl backdoor is only one of thousands of possibilities, as it’s based on the multiplatform OmniRAT – popular on darknet black markets. It can cost anywhere from $25 to $75.
“It’s C&C communication is encrypted, and the commands it receives contain action code and Object DATA, which, according to the researchers, ‘enables attackers to specify the target and content, making this a very flexible malware for cybercriminals.’”
For security purposes, the possibilities of GhostCtrl need to be addressed. The backdoor is capable of any of the following things:
- Screen a phone’s sensors’ data in real time
- Download pictures as wallpaper & files in general
- Upload a specific file to the C&C server
- Send personalized SMS/MMS to a number indicated by the invader
- Control the system infrared transmitter
- Secretly record audio and/or video
- Use the text-to-speech feature
- Clear/reset the password of an account indicated by the invader
- Make a phone play different sound effects
- Terminate an ongoing phone call
- Use the Bluetooth to search/connect to other devices
The easiest way to avoid downloading malware like GhostCtrl is to use your commonsense. Don’t install apps from third parties. Read the reviews. Do your research. And if nothing else: make sure you have a back-up of your mobile data “just in case”.