Android backdoor GhostCtrl: full control of the device with arbitrary permissions, and theft of user data

Source: Internet
Author: User

The Android system seems to have become the preferred target for virus authors around the world, with new malware infecting more devices every day. This time, security company Trend Micro released a warning that they found a new Android backdoor: GhostCtrl.

GhostCtrl was found in 3 versions. The first generation steals information and controls some device functionality; the second generation added more features for hijacking the device; the third generation combines the features of the earlier versions and is more powerful: the hacker can fully control the device and access and transfer any locally stored data.


Demon-like GhostCtrl

GhostCtrl is actually a variant of OmniRAT, which was discovered at the end of 2015. OmniRAT is a popular remote control tool whose lifetime license service and client service cost only $25 and $50, and the operator also provides lifetime maintenance services. OmniRAT can remotely control Windows, Linux and Mac systems via a button on the Android device.

The malware disguises itself as a legitimate or popular application, using names such as App, MMS, WhatsApp, or even Pokemon GO. When it starts, it looks like a normal app, but the malware is actually hidden in the device.

When the user opens the masquerading APK, it asks the user to install it. This is difficult to escape: even if the user cancels the installation prompt, the prompt pops up again immediately. The malicious APK has no icon, and once installed, the malicious program immediately runs in the background.

The malware's backdoor is named com.android.engine to mislead users into thinking that it is a legitimate system application. It connects to the C&C server and retrieves instructions over port 3176.
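A triage check built on the two indicators named above (package name com.android.engine, C&C port 3176), as an added example that is not part of the original article or the Trend Micro report. It assumes text captured from the device with `pm list packages -f` and from `/proc/net/tcp` (IPv4 only); the function names are hypothetical and the sample data is constructed.

```python
import socket
import struct

# Indicators named in the article text above.
BACKDOOR_PACKAGE = "com.android.engine"
C2_PORT = 3176

# Constructed sample input (not taken from a real device).
SAMPLE_PM = """\
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:/data/app/~~Qx1==/com.android.engine-Zk9==/base.apk=com.android.engine
"""
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0501A8C0:9C40 0A7100CB:0C68 01 00000000:00000000 00:00000000 00000000 10123        0 51234
   1: 0501A8C0:A3F2 2200A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 51240
"""

def find_backdoor_package(pm_output):
    """Return APK paths of entries whose package name equals BACKDOOR_PACKAGE."""
    hits = []
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Format is package:<apk path>=<name>; the path may contain '=' itself.
        path, _, name = line[len("package:"):].rpartition("=")
        if name == BACKDOOR_PACKAGE:
            hits.append(path)
    return hits

def decode_endpoint(field):
    """Decode an IPv4 '<hex addr>:<hex port>' field from /proc/net/tcp."""
    addr_hex, port_hex = field.split(":")
    # The address is printed as a 32-bit word in host order (little-endian on ARM/x86).
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def find_c2_connections(proc_net_tcp):
    """Return (remote_ip, remote_port, uid) for sockets whose remote port is C2_PORT."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:     # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue
        ip, port = decode_endpoint(cols[2])        # rem_address column
        if port == C2_PORT:
            hits.append((ip, port, int(cols[7])))  # cols[7] is the owning uid
    return hits
```

A port match alone is a weak signal; the uid in the result identifies which installed app owns the socket, which can then be compared against the package hit.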

The malware allows hackers to steal almost anything from an infected device, including call logs, SMS records, contacts, phone numbers, SIM serial numbers, location, and browser bookmarks. In addition, it can get data from cameras, running processes, and even wallpaper. Worst of all, hackers can start the camera or record audio and then upload the content to the server; all the data is encrypted during the process.


Malware authors can also send commands to infected phones to perform more specific tasks, such as resetting the password for a configured account or making the phone play a different sound effect.


As with other malware, avoiding downloading applications from untrusted sources is the best way to protect against

-----------------------------------------

* This article was compiled by Ali Poly Security; the original address: http://news.softpedia.com/news/Android-backdoor-ghostctrl-can-steal-everything-from-a-phone-spy-on-users-517015.shtml

For more safety information and knowledge sharing, please follow the official blog of Ali Security.
