The new Android malware, GhostCtrl can record audio and steals data from Windows machines.
A new type of Android malware that was discovered is now threatening not just Android devices but Windows, Linux, and Mac machines also.
Mobile security firm Trend Micro detected that the Android malware called GhostCtrl has proven to be more powerful than standard mobile malware. It invades the user's privacy by recording audio or video from the device and provide access to other systems.
GhostCtrl is very similar to the standard Android malware. It gives the attacker the ability to upload and download files from a remote server to the infected device, it can send text messages costing a fee without permission, and sends information recorded from the device.
However, the strain is much more powerful than the typical attack. It won't just grab information for the infected cellphone, it will also record audio and video without the owner's permission. It can also use the text-to-speech feature, play sound effects, terminate an outgoing call, use Bluetooth to connect to another device and clear or reset the password of an account on the device.
Even worse, the malware isn't limited to just taking advantage of Android devices. GhostCrtl also includes a worm called RETADUP that is capable of stealing information from Windows systems by using a connected, infected Android device as a back channel.
"GhostCtrl's combination with an information-stealing worm, while potent, is also telling. The attackers tried to cover their bases, and made sure they didn't just infect endpoints. And with the ubiquity of mobile devices among corporate and everyday end users, GhostCtrl's capabilities can indeed deliver the scares." researchers at Trend Micro said.
Three versions of GhostCtrl have been identified, each of which poses more threat to owners of Android devices. The inclusion of RETADUP, which was recently discovered stealing information from Windows machines in Israeli hospitals, extends the threat of the malware beyond mobile.
The malicious software often comes disguised as legitimate apps, using compromised versions of WhatsApp and Pokémon Go among others.
If a user downloads one of those corrupted apps––often found on third-party app marketplaces––and goes to open the download, the Android Application Package (APK) will launch GhostCtrl and prompt the user to install it. It runs silently in the background as the attacker gains access to the compromised handset.
The best way to avoid being infected by GhostCtrl is to download apps through the Google Play Store. While Google's official marketplace hasn't been as successful at keeping out malicious software as one might hope, it's still a much safer bet than the wild west of third-party alternatives.
Give us a call to learn more about how to protect yourself from malicious malware! Give us a call to learn more about protecting yourself and your business! We have protected many businesses in the La Plata, Waldorf, White Plains, Prince Frederick, Solomon's, Charles County, Calvert County, and Washington D.C. area from ransomware.
