Slashdot Mirror


Android Backdoor 'GhostCtrl' Can Silently Record Your Audio, Video and More (neowin.net)

An anonymous reader quotes a report from Neowin: A new strain of malware designed for Android devices has recently been discovered, which not only can silently record audio and video, but can also monitor texts and calls, modify files, and ultimately spawn ransomware. Dubbed as 'GhostCtrl' by researchers over at Trend Micro, the malware is apparently a variant of OmniRAT, a remote administration tool for Android, which is available to the public. It also appears to be part of a wider campaign that targeted Israeli hospitals, where a worm called RETADUP surfaced back in June. According to the report, there are three versions of the malicious software. The first variant stole information and controlled a device's functionalities, while the second added new features to exploit. The third one combines all the features of the old versions, and adds even more malicious components into its system. The latest iteration of GhostCtrl can now monitor call logs, text messages, contacts, phone numbers, location, and browsing history. Furthermore, it has the ability to record the victim's Android version, battery level, and Bluetooth information. To make matters worse, it can now also spy on unsuspecting victims by silently recording audio and video. The malware distributes itself via illegitimate apps for WhatsApp or Pokemon GO. Trend Micro suggests you keep your Android devices up to date and data backed up regularly. They also recommend using an app reputation system that can detect suspicious and malicious apps.

69 comments

  1. Frightening and laughable by Anonymous Coward · · Score: 0

    The list of things the malware purportedly can do is an amusing mix of the frightening and the laughable. If the malware can install ransomware and record audio and video secretly, do you need to also inform us in the same sentence that it's capable of also recording your battery level for evil purposes?

    1. Re:Frightening and laughable by Anonymous Coward · · Score: 2, Insightful

      It is almost as if this was designed to order by the various TLAs to spy on you without you knowing.

      Oh wait...

    2. Re:Frightening and laughable by Anonymous Coward · · Score: 0

      Android: The Ghetto mobile OS.

  2. Walled Garden by Anonymous Coward · · Score: 1, Insightful

    Now, what's so bad about Apple's walled garden again?

    1. Re:Walled Garden by Anonymous Coward · · Score: 2, Informative

      Apps that do what GhostCtrl does but on iPhones are rife in the app store.

      You just have to know where to look. The walled garden's cracks started showing years ago.

    2. Re:Walled Garden by Anonymous Coward · · Score: 3, Informative

      Now, what's so bad about Apple's walled garden again?

      What's bad is it isn't infallible https://www.theiphonewiki.com/wiki/Malware_for_iOS

    3. Re:Walled Garden by Anonymous Coward · · Score: 1

      Sorry I forgot one more link
      https://www.theregister.co.uk/2017/03/08/cia_exploit_list_in_full/

    4. Re:Walled Garden by sheramil · · Score: 3, Funny

      Apple's malware costs so much more. If I could afford an iPhone, I'd be worth stealing from.

    5. Re:Walled Garden by Anonymous Coward · · Score: 0

      I've said it before too, on my phone I really don't want to have to worry about security. While there could be malware like this in the app store, it's far less common. On my computer however, I want full freedom to do what I want.

    6. Re:Walled Garden by iampiti · · Score: 2

      If you're in jail you can't die in a car accident either. What's so bad about being in jail?

    7. Re:Walled Garden by Ensign_Expendable · · Score: 1

      I look at the rich choices of phones on the Android side with envy. Every time I consider a nice reasonably priced Android device (looking at you, Honor 8) news like this pops up, and I clutch my iPhone.

    8. Re:Walled Garden by Anonymous Coward · · Score: 1

      Nice FUD, fag. Link to the app in question or it didn't happen, bitch.

    9. Re: Walled Garden by Anonymous Coward · · Score: 0

      False equivalence truly is the fallacy of our age.

    10. Re: Walled Garden by Dunbal · · Score: 1

      Like people who equate metaphor with false equivalency?

      --
      Seven puppies were harmed during the making of this post.

    11. Re:Walled Garden by Anonymous Coward · · Score: 0

      No, we do not.
      More of Clinton News Network "news" or "nothingburgers".

    12. Re:Walled Garden by Anonymous Coward · · Score: 0

      Bullshit. Prove it.

    13. Re:Walled Garden by Anonymous Coward · · Score: 0

      Says the shemale that got conned into paying far far far too much for a vastly overpriced, cheaply made, substandard iDiot phone, and don't want to admit that he/she got conned! Don't try to pretend that there are no malware or exploits for iOS! Now go away before you get bitch-slapped back into your cage!!

  3. Re:Shocking! by amalcolm · · Score: 0

    A quick google about malware on iPhones suggests you are full of shit

    --
    Time for bed, said Zebedee - boing

  4. Update the devices? As in buy new? by Anonymous Coward · · Score: 3, Interesting

    Thanks Trend Micro for that advice! Except most tablet vendors stop supporting or changing the software on the tablet so unless you could have put CyanogenMod on the tablet you won't be able to upgrade. Oh wait. You can't even get CyanogenMod as an update anymore. The software upgrade path is the only positive thing Apple has going for its tablets.

    Perhaps Microsoft tablets will be upgradeable like the zune has been updated?

    BTW anyone catch the adverts for HP printers? Pointing out how old printers are insecure and you should just upgrade to HP? 'Cept the old insecure printers that still work are HPs. Still working is the point. If the sunk cost gear is still working - why replace it due to the manufacturer not creating the replacement need by allowing insecure devices to function on the network?
           

    1. Re: Update the devices? As in buy new? by Anonymous Coward · · Score: 1

      Lineageos==cyanogenmod

  5. "keep your Android devices up to date" by Anonymous Coward · · Score: 0

    Ahahahaha. Madness.

    1. Re:"keep your Android devices up to date" by Anonymous Coward · · Score: 0

      This is not madness! This is ANDROID!

  6. It's Not a Bug, It's a Feature by organgtool · · Score: 4, Funny

    GhostCtrl is not a bug, it's a new daemon for systemd. It's meant to provide a centralized method for viruses and ransomware to control your system.

    1. Re: It's Not a Bug, It's a Feature by Anonymous Coward · · Score: 0

      Is its logging as bad as systemd?

    2. Re:It's Not a Bug, It's a Feature by farble1670 · · Score: 3, Insightful

      GhostCtrl is not a bug, it's a new daemon for systemd.

      No, it's not. It's an app that requests a bunch of permissions. And gets them, if the user accepts. It's nothing more than an app. An app you had to sideload, only after going into settings and allowing apps to be sideloaded and accepting the various scary warnings you will see in the process.

      It can do things like lock the screen because it requests to be a device policy admin.
      https://developer.android.com/...

      This is what allows Android to be used in, for example, enterprise environments where the lock screen needs to have enterprise-specific policy. Note there's a UI flow *required* for any app to escalate to being a device policy admin. The user had to explicitly allow it. Note that it couldn't disguise itself or otherwise attempt to trick the user.

      These articles are published by corporations who have an interest in scaring you into buying their products and services. They never explain all the hoops they had to jump through to have the device compromised.

    3. Re:It's Not a Bug, It's a Feature by Anonymous Coward · · Score: 0

      GhostCtrl is not a bug, it's a new daemon for systemd.

      No, it's not. It's an app that requests a bunch of permissions.

      Whoosh

  7. Apple vs. Android by Qbertino · · Score: 3, Insightful

    There's an apple vs. android debate going on here. And while I myself use an android phone, I have to say, Apple does have the edge in this department. Their lockdown and app-screening policy basically prevents clueless users from doing too much damage.

    And I have to admit, finding the right Android phone is a PITA. I settled for a Moto G5 Plus as my newest, but I'm an expert and know what to look for, am aware of the tradeoffs *and* I know enough to be careful about installing rubbish. Some clueless ord settling for an iPhone even though it's 300 Euros more expensive than an android equivalent (a fact they are blissfully unaware of) might actually be the best choice for them.

    --
    We suffer more in our imagination than in reality. - Seneca

    1. Re:Apple vs. Android by Archangel Michael · · Score: 0

      Apple does not have an edge. If you download PokemonGo from someone other than Niantic off the Play Store, you're an idiot. I don't care if it is "super modified to spoof GPS legitimately!" version of PokemonGo. This is nothing more than Cellphone Darwin award winning material here.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.

    2. Re: Apple vs. Android by Anonymous Coward · · Score: 1

      "this app requires the following permissions:
      *Microphone"

      Yup, totally secret!

    3. Re:Apple vs. Android by iampiti · · Score: 1

      With Apple certainly having few options makes the choice easier. You also know all possibilities are good enough.
      Anyway, I guess you're aware that Android phones prevent you from manually installing apps until you change a setting. Also, it might not matter to most people but the Apple way severely limits your freedom. I don't want a company to control what I can and can't install in my hardware.

    4. Re: Apple vs. Android by Anonymous Coward · · Score: 0

      I have a question. Why do you isolate iPhone from Android when saying you have a rough time picking?

      iPhones don't have a ton of other features Android phones have fairly common (quick charge).

      People pick from all phones, not just "all Android". To me and the uninformed, it's just another phone in the market.

    5. Re:Apple vs. Android by tlhIngan · · Score: 3, Informative

      I don't want a company to control what I can and can't install in my hardware.

      Apple allows sideloading of apps since at least iOS9 without requiring you to pay $99. Anything you can compile yourself, you can load onto your iPhone with Apple's blessing. There are restrictions of course, but Apple is letting you load your stuff onto your phone (and others you can physically get access to).

      The funny thing is, you'd expect an "open source app repo" to have sprung up consisting of apps and games you build and load yourself, but I haven't seen one. But yes, it's a way to get verboten apps on iPhone, and many emulators use this method - because naturally, they were open source to begin with.

      And while technically, you're not supposed to, closed-source can use the same mechanism to get onto iPhones as well - many piracy sites use the same mechanism to load pirated apps onto iPhones.

    6. Re: Apple vs. Android by Anonymous Coward · · Score: 0

      Perhaps you don't have to pay 99USD to compile, but last I heard, it still needs an apple Mac to run the compilation.
      People into open source tend not to have any of those...

      aRTee

  8. Re:American Communism and Womens Liberation by Anonymous Coward · · Score: 0

    female nature is collectivist, don't blame the politicians for it, they're just doing it for access to v@g1n@ (simps)

    go MGTOW and watch the world burn from afar

  9. Fuck smartphones by Anonymous Coward · · Score: 0

    they can't really hack old phones that don't even have color screens, can they? even if they can it's not worth the effort

  10. Just reminding myself by MrKaos · · Score: 2

    Why I chose an operating system platform that was open sourced. Not free but freed software. It seems the further software gets from being open the more we have to put up with crap like this. Sure, shiny is good, but control is better.

    --
    My ism, it's full of beliefs.

    1. Re:Just reminding myself by radish · · Score: 1

      Huh? Which is the usable mobile OS that's more free/freed/open (using any definition you prefer) than Android? iOS is much further from free than Android, and yet this type of malware simply doesn't exist there. Say what you like about walled gardens restricting personal freedom to tinker (and they certainly do) - from a security point of view Apple have shown themselves to be great guardians of their devices (and, by extension, their users).

      This is reminding me why I pay extra for an Apple device every few years.

      --

      ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

    2. Re:Just reminding myself by MrKaos · · Score: 3

      Which is the usable mobile OS that's more free/freed/open (using any definition you prefer) than Android?

      It was directed at Android. My lament is that I am forced to have one arm tied behind my back for what is essentially a linux box that I own and can't have root access to.

      So not having a go at Apple gear at all. I'm criticizing my platform of choice, sorry, I probably didn't make that clear. (tired)

      This is reminding me why I pay extra for an Apple device every few years.

      Sure, though you've got a different set of guys with access to your data. Please don't take this as a slight or disdain for apple users or their products, moreover an observation of the contempt intelligence agencies show apple users, calling them zombies and making fun of them while hiding behind the state. It doesn't sit well with me, fooling people just going about their business like that.

      I've liked Apple gear, I have an iPhone I don't use much. I wouldn't mind playing around with their gear however they have got the walled garden philosophy, which is not really my choice as there is plenty to do in the Android space which I would like to be more open.

      --
      My ism, it's full of beliefs.

  11. OmniRat by lordmage · · Score: 1

    I just have to say, thanks for advertising this tool. Now I can admin my family without having to constantly travel, get them to meet me, get the phones, etc. It is cheap and well.. the developer is the owner. Pretty nice job so far.

    Amazing: Try and make it sound bad.. and I love it.

    --
    I can program myself out of a Hello World Contest!!

  12. updates? by qQ7eBMsfM5gs · · Score: 2

    Am I the only person who turns off Android and apps updates on each brand new Android phone because after a while they make the phone sluggish?

    1. Re:updates? by farble1670 · · Score: 3, Funny

      Am I the only person who turns off Android and apps updates on each brand new Android phone because after a while they make the phone sluggish?

      Are you suggesting the act of writing new bits to flash slows the device down permanently? Yes, you are the only person that thinks that.

  13. FDroid Max's Modules? by Anonymous Coward · · Score: 0

    Not that I've RTFSummary, but isn't this functionality already covered by the Maxx's Modules available in FDroid? What exactly is new here other than it's bad when your computing device is running software with functionality you don't wish it to have? Malware 101? Is slashdot that remedial a forum lately?

  14. Re:Update the devices? As in buy new? by iampiti · · Score: 1

    According to TFA: "The malware is distributed through apps that masquerades as legitimate apps for WhatsApp or Pokemon GO. After the APK file has been installed on a victim's device".
    While I have no idea what "apps for Whatsapp or Pokemon GO" means (maybe "for" should be "as"), the second part about installing the APK suggests that this happens when a user "sideloads" (I hate the term, implies there's something wrong with it, as if we were only ever supposed to install programs blessed by the OS corporate overlords) an app. In turn, this suggests that you'd be fine if you stuck to what's available on Google Play.
    My point is, this is not a problem caused by an OS level vulnerability so no amount of updating the OS will fix it.
    Yes, Android is atrocious regarding updates but that's another problem.

  15. Android is atrocious? by CriticalYetLazy · · Score: 1

    Android? The OS itself is OK and has no issue with updateability. Don't you mean "the great collective of Android phone manufacturers"?

    1. Re:Android is atrocious? by iampiti · · Score: 1

      Yep, exactly that.

    2. Re:Android is atrocious? by Anonymous Coward · · Score: 0

      The OS is far from fucking okay.
      The whole update system is a disaster.
      The fact that phone manufacturers are even part of the update system is the problem!
      They are changing that with new Android, but too fucking late.
      This should have been a decision the instant any significant number of people were behind in updates.
      Hell, it should have been designed like that from the damn start.
      Separate the god damn OS and the userland. Android took this concept it was based on and absolutely shit on it.

      I've literally never used an OS as broken as Android.
      It is a convoluted mess of an OS.
      Don't praise it. It blows ass!
      Google have no excuses for that shitheap.
      But then, it IS Google. Every product they make is filled with horrible ideas. From Chrome to their search engine to this.
      Even Windows 10 isn't as trash as Android was at its beginnings.
      Android had decades of OS design to see what to do. They did the opposite. This is why we have such fragmentation, their naivety.

    3. Re:Android is atrocious? by Anonymous Coward · · Score: 0

      If the OS was "ok" it would never need changing. Various devices will never get upgrades and never GOT upgrades. So yea, the 'great collective' is to blame. But few are publishing specs so lineageos could be ported if there was a bit of demand.

  16. "insecure" printers by Anonymous Coward · · Score: 0

    the old insecure printers that still work are HPs

    Red: This printout is a little more yellow than I'd expect.

    Wolf: The better to protect you from committing crimes anonymously with my sweetie.

                      https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

    Red: My last ink cartridge sure was expensive.

    Wolf: The better to lock you in as a return customer my sweetie.

                        http://wirthconsulting.org/2016/04/18/hp-inc-wins-ink-cartridge-patent-infringement-suits-across-the-globe/
                        https://www.cnet.com/news/hp-cracks-down-on-cartridge-refill-industry/
                        http://www.zdnet.com/article/hp-told-disarm-printer-ink-self-destruct-sequence-blocking-third-party-cartridges/

    Eventually what we see today as a "printer" will become a paper holder and mover with a network adapter. The actual "printer" will be a cartridge protected by patent, DMCA, and EULA that is leased from a company instead of bought.

    Good color laser and inkjet printers have been widely available since the early 90's. Anyone want to take a kickstart shot at unencumbered printer hardware that supports open firmware technology?

  17. Need hardware on/off and HW indicators by davidwr · · Score: 1

    One more reason why we need hardware on/off switches and indicator lights for sensors and radios.

    Turn the mic off - it will be impossible to record.

    See that the mic-indicator light off - assurance mic is not in use.

    Ditto camera, bluetooth, wifi, cellular radio, etc.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.

  18. Re:Update the devices? As in buy new? by Jesus_666 · · Score: 1

    Depends on the manufacturer. I have a BQ and I have no issues with a lack of updates. (The Zuk Z1 before that was a different story altogether, admittedly. To be fair, though, that was because Zuk made the mistake of partnering with Cyanogen Inc.)

    Unfortunate as it is, the presence or lack of a solid update scheme is a distinguishing feature between manufacturers - one you won't find in a feature matrix. Looking into it can help you avoid making mistakes.

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)

  19. Yet another reason I hate so-called 'smartphones' by Anonymous Coward · · Score: 0

    They sound pretty 'dumb' to me, if they're vulnerable to bullshit like this. Why are you people still using smartphones? Drop them into the e-waste bin and get a PHONE that is just a PHONE and never mind this nonsense. It's not like you're actually using it for legitimate purposes, all you're doing is jacking off on 'social media', playing pointless twitch-games, watching porn on the john at work, and paying wireless companies a premium every month for overpriced 'dataplans'. Just admit you don't really need it, dump it, get a $50 basic phone, leave it turned off when you're not using it, and never have to worry about any of this shit ever again. Wireless companies can and should go fuck themselves.

  20. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  21. Re: American Communism and Womens Liberation by Anonymous Coward · · Score: 0

    Ah, the red scare returns. "Bleeding from her wherever".

  22. Re: Trumps phone by Anonymous Coward · · Score: 0

    You shouldn't refer to Steve Bannon like that.

  23. Re:App Reputation by farble1670 · · Score: 1

    And why allow side channels for installation, e.g. via WhatsApp, if it's got problems like this and no QA?

    Because then people like you would be whining about the Google Walled Garden, and we don't like whining.

  24. More FUD by farble1670 · · Score: 3, Insightful

    Sorry, got to call FUD. If you read this,
    https://blog.trendmicro.com/tr...

    Basically this is an app that requests a ton of permissions, including being a device administrator allowing it to control the lockscreen. The user had to accept several scary warning dialogs for the app to obtain these privileges. They also had to go outside the Play store, and specifically allow untrusted apps to be sideloaded.

    TFA states this app can escalate to root, but doesn't explain how that's possible across different versions of Android / Linux and different hardware. I've never heard of a root for Android that involves simply installing an app, let alone a universal one.
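
The permission and device-admin requests farble1670 describes (in this comment and in the earlier "It's Not a Bug, It's a Feature" reply) are declared in an APK's manifest, so a sideloaded package can be triaged before it is installed. The following is an added example, not part of the thread or of Trend Micro's report; it assumes a manifest already decoded to text XML (for instance by apktool), and the sample manifests, package names, capability mapping and review threshold are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest live in the Android XML namespace.
A = "{http://schemas.android.com/apk/res/android}"

# Permission -> capability named in the article summary.
# The mapping is this example's assumption, not a list from the report.
WATCHLIST = {
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.CAMERA": "video recording",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
}
MIN_CAPABILITIES = 3  # constructed triage threshold, not a value from the article


def audit_manifest(xml_text):
    """Summarise the surveillance-relevant requests in one decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {el.get(A + "name") for el in root.iter("uses-permission")}
    capabilities = sorted(WATCHLIST[p] for p in requested if p in WATCHLIST)

    # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN
    # that listens for the DEVICE_ADMIN_ENABLED broadcast.
    admin_receivers = []
    for receiver in root.iter("receiver"):
        guarded = receiver.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        actions = {a.get(A + "name") for a in receiver.iter("action")}
        if guarded and "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
            admin_receivers.append(receiver.get(A + "name"))

    return {
        "package": root.get("package"),
        "capabilities": capabilities,
        "device_admin_receivers": admin_receivers,
        # Device admin plus several sensitive data sources is the combination
        # worth a human look; either one alone is common in legitimate apps.
        "needs_review": bool(admin_receivers) and len(capabilities) >= MIN_CAPABILITIES,
    }


# Constructed sample: a fake "chat" app asking for far more than it needs.
SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakechat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed sample: a torch app that only needs the camera flash.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>
"""

if __name__ == "__main__":
    for sample in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        print(audit_manifest(sample))
```

A manifest only shows what an app may ask for; the runtime prompts and the device-admin activation screen mentioned in the comments still have to be accepted by the user.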

  25. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  26. Re:App Reputation by farble1670 · · Score: 1

    Okay sure.

    Seems perfectly reasonable to have a walled garden, and an option to unlock the phone but then no warranty, support, etc. How's that for whining, fucko?

    It sure does seem reasonable, and that's pretty much how Android works now. So I'd have to say pretty poor whining on your part.

    And why allow side channels for installation, e.g. via WhatsApp, if it's got problems like this and no QA?

    Interesting. What would said QA test? That every single app coded on the face of the planet, even the ones Google or anyone else knows about, aren't malicious? I guess said QA would need to decompile every app and go over every line of code to ensure they aren't doing anything malicious. And if the app used the network, we'd need to get the source to all of the servers it's calling to ensure they aren't malicious either.

    I'd really love to hear more about how you think this would work. It really is a practical plan though I'm sure, we just need you to explain more.

  27. rofl by Anonymous Coward · · Score: 0

    but why?
    both whatsapp and pokemon go is a free app lol...

  28. Re:App Reputation by farble1670 · · Score: 1

    You had to Foe me? I guess mom and dad never disagreed with you. It must be quite shocking, I apologize for not handling you more gently.

  29. Re: App Reputation by KGIII · · Score: 1

    Pffttt... Them adding you as a foe is a badge of honor. Wear it with pride!

    --
    "So long and thanks for all the fish."

  30. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion