GhostCtrl malware that can disguise itself as WhatsApp secretly films you and keeps recordings of your private calls and videos to ransom

Wednesday, July 19, 2017
By Paul Martin

London-based firm Trend Micro raised the alarm about the malicious software
It was used in an attack on hospitals in Israel and is now targeting Android users
It is being spread by masking itself as infected versions of popular apps
It allows hackers to snoop on you via the phone’s camera and microphone

19 July 2017

Android users are being warned to be on the lookout for a new type of ransomware that can secretly record you.

Dubbed GhostCtrl, the malicious software is being spread by masking itself as apps like WhatsApp and Pokemon Go.

As well as capturing audio and video clips, the malware can lock the device’s screen and reset its password, making ideal for ransoming infecting users.

The computer security firm that detected three versions of the software says it is likely to grow in complexity in future versions.

Trend Micro were the first to raise the alarm about the malicious software.

Users download fake versions of popular apps that appear to be the genuine item, but which are infected with the virus.

Once the app is installed, this provides hackers with a back door into your smartphone.

This allows them to snoop on your activities via the phone’s camera and microphone.

These recordings are then uploaded to the cybercriminals’ servers.

Among the other information they can then steal are your photos, records of calls made and received, text messages, contacts, and browser history.

Writing in a blog post, security experts said: ‘We’ve named this Android backdoor GhostCtrl as it can stealthily control many of the infected device’s functionalities.

‘The data GhostCtrl steals is extensive, compared to other Android info-stealers.

‘Different kinds of sensitive, and to cybercriminals, valuable, information will be collected and uploaded.

‘There are three versions of GhostCtrl. Based on the techniques each employed, we can only expect it to further evolve.

The malware is a variant of the information-stealing Retadup worm, which attempted to infect two Israeli hospitals on June 27.

The Rest…HERE

Comments are closed.

Join the revolution in 2018. Revolution Radio is 100% volunteer ran. Any contributions are greatly appreciated. God bless!

Follow us on Twitter