The Android system seems to have become the preferred target for virus authors around the world, with new malware infecting more devices every day. This time, security company Trend Micro has released a warning that it has found a new Android backdoor: GhostCtrl.
GhostCtrl has been found in three versions. The first generation steals information and controls some device functionality; the second generation added more features for hijacking the device; the third generation combines the features of the earlier versions and is more powerful still, letting the hacker fully control the device and access and transfer any locally stored data.
The demon-like GhostCtrl
GhostCtrl is actually a variant of OmniRAT, which was discovered at the end of 2015. OmniRAT is a popular remote control tool sold with a lifetime license for its server and client components for only $25 and $50, and the operator also provides lifetime maintenance services. OmniRAT can remotely control Windows, Linux and Mac systems at the touch of a button on an Android device.
The malware disguises itself as a legitimate or popular application, using names such as App, MMS, WhatsApp, or even Pokemon GO. When it starts, it looks like a normal app, but the malware is actually hidden on the device.
When the user opens the disguised APK, it asks the user to perform the installation. The prompt is hard to escape: even if the user cancels it, it immediately pops up again. The malicious APK has no icon, and once installed, the malicious program immediately runs in the background.
The malware's backdoor is named com.android.engine to mislead users into thinking that it is a legitimate system application. It connects to the C&C server and retrieves instructions over port 3176.
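The two indicators named above, the package name com.android.engine and C&C traffic on port 3176, can be checked from a workstation. The Python script below is an added example, not code from the original article or from Trend Micro; it assumes the text output of `adb shell pm list packages -f` and a netstat-style connection listing, and all sample data in it is constructed.

```python
# Indicators as given in the article: backdoor package name and C&C port.
BACKDOOR_PACKAGE = "com.android.engine"
C2_PORT = 3176

# Constructed sample of `adb shell pm list packages -f` output.
SAMPLE_PACKAGES = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.whatsapp-1/base.apk=com.whatsapp
package:/data/app/~~Ab3d==/com.android.engine-Xy9z==/base.apk=com.android.engine
"""

# Constructed netstat-style listing; addresses are documentation ranges.
SAMPLE_CONNECTIONS = """\
Proto Recv-Q Send-Q Local Address        Foreign Address      State
tcp        0      0 192.168.1.23:48812   198.51.100.20:443    ESTABLISHED
tcp        0      0 192.168.1.23:3176    198.51.100.20:443    ESTABLISHED
tcp6       0      0 ::ffff:192.168.1.23:51544 ::ffff:203.0.113.77:3176 ESTABLISHED
"""

def find_backdoor_package(pm_output):
    """Return entries whose package name matches the backdoor's name."""
    hits = []
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:") or "=" not in line:
            continue
        # Newer Android APK paths contain '=', so split on the last one.
        apk, _, name = line[len("package:"):].rpartition("=")
        if name.lower() == BACKDOOR_PACKAGE:
            # An APK under /data/ was installed after the system image was built.
            hits.append({"package": name, "apk": apk,
                         "user_installed": apk.startswith("/data/")})
    return hits

def find_c2_connections(listing, port=C2_PORT):
    """Return (local, remote) pairs whose REMOTE port equals the C&C port."""
    hits = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith("tcp"):
            continue  # skips the header row and non-TCP lines
        remote_port = fields[4].rpartition(":")[2]
        if remote_port.isdigit() and int(remote_port) == port:
            hits.append((fields[3], fields[4]))
    return hits

if __name__ == "__main__":
    print(find_backdoor_package(SAMPLE_PACKAGES))
    print(find_c2_connections(SAMPLE_CONNECTIONS))
```

A port match on its own is a weak signal, since any service can use port 3176; it carries weight when it appears together with the package-name hit.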
The malware allows hackers to steal almost anything from an infected device, including call logs, SMS records, contacts, phone numbers, SIM serial numbers, location, and browser bookmarks. In addition, it can get data from the camera, running processes, and even the wallpaper. Worst of all, hackers can start the camera or record audio and then upload the content to the server, with all of the data encrypted in the process.
Malware authors can also send commands to infected phones to perform more specific tasks, such as resetting the password of a configured account or making the phone play a different sound effect.
As with other malware, avoiding downloading applications from untrusted sources is the best way to protect against
-----------------------------------------
* This article was compiled by Ali Poly Security; original address: http://news.softpedia.com/news/Android-backdoor-ghostctrl-can-steal-everything-from-a-phone-spy-on-users-517015.shtml