Scary, Backdoor It Can Steal All Android Data

Zatinet - Recently, security company Trend Micro warned a new Android backdoor called GhostCtrl. This backdoor is one of the variants of OmniRAT found in 2015 and attacked various types of platforms, including Windows, Linux, and Mac.

GhostCtrl specifically tries to infect Android devices and spreads as stand-alone APK (application package file) files, named App, MMS, whatsapp, or Pokemon GO.

At least, malware is found in three different versions. The strongest version of this malware allows hackers to have full control over Android devices. In addition, the cyber criminals are also able to access and transfer the stored data.

"The malicious APK, once clicked on by the APK wrapper will prompt the user to install it.It's very difficult to avoid it, even if the user cancels the installation request, the message will still appear," Trend Micro said.

Furthermore, it is also mentioned that the APK does not have an icon. However, once installed on Android, the APK wrapper will launch a service that lets the main APK be malicious to run in the background.

Full Control of Devices, The malware uses a com.android.engine service that easily tricks users into believing in the process. That way, users will not stop the malware process. Once the device is infected, GhostCtrl will wait for the command and connect to the C & C server on port 3176.

The infection allows hackers to steal various data from the device, such as call history, SMS, contacts, phone number, SIM serial number, location and search history.

Not only that, hackers can also take various data from the camera, process, and also wallpaper. Worst, the cyber criminals can also activate the camera or record sound and upload it to the server.

Cyber ​​criminals can also send messages to hijack devices for specific tasks. For example, just change the password to change account settings.

So far, the only way you can do to avoid this attack is by not downloading and installing APKs from untrusted sources.

Share this post