Slashdot Mirror
Android Backdoor 'GhostCtrl' Can Silently Record Your Audio, Video and More (neowin.net)
An anonymous reader quotes a report from Neowin: A new strain of malware designed for Android devices has recently been discovered, which not only can silently record audio and video, but can also monitor texts and calls, modify files, and ultimately spawn ransomware. Dubbed as 'GhostCtrl' by researchers over at Trend Micro, the malware is apparently a variant of OmniRAT, a remote administration tool for Android, which is available to the public. It also appears to be part of a wider campaign that targeted Israeli hospitals, where a worm called RETADUP surfaced back in June. According to the report, there are three versions of the malicious software. The first variant stole information and controlled a device's functionalities, while the second added new features to exploit. The third one combines all the features of the old versions, and adds even more malicious components into its system. The latest iteration of GhostCtrl can now monitor call logs, text messages, contacts, phone numbers, location, and browsing history. Furthermore, it has the ability to record the victim's Android version, battery level, and Bluetooth information. To make make matters worse, it can now also spy on unsuspecting victims by silently recording audio and video. The malware distributes itself via illegitimate apps for WhatsApp or Pokemon GO. Trend Micro suggests you keep your Android devices up to date and data backed up regularly. They also recommend using an app reputation system that can detect suspicious and malicious apps.
Now, what's so bad about Apple's walled garden again?
It is almost as if this was designed to order by the various TLA's to spy on to without you knowing.
Oh wait...
There's an apple vs. android debate going on here. And while I myself use an android phone, I have to say, Apple does have the edge in this department. Their lockdown and app-screening policy basically prevents clueless users from doing to much damage.
And I have to admit, finding the right Android phone is a PITA. I settled for a Moto G5 Plus as my newest, but I'm and expert and know what to look for, am aware of the tradeoffs *and* I know enough to be careful about installing rubbish. Some clueless ord settling for an iPhone even though it's 300 Euros more expensive than an android equivalent (a fact they are blissfully unaware of) might actually be the best choice for them.
We suffer more in our imagination than in reality. - Seneca
Sorry, got to call FUD. If you read this,
https://blog.trendmicro.com/tr...
Basically this is an app that requests a ton of permissions, including being a device administrator allowing it to control the lockscreen. The user had to accept several scary warning dialogs for the app to obtain these privileges. They also had to go outside the Play store, and specifically allow untrusted apps to be sideloaded.
TFA states this app can escalate to root, but doesn't explain how that's possible across different versions of Android / Linux and different hardware. I've never heard of a root for Android that involves simply installing an app, let alone a universal one.
GhostCtrl is not a bug, it's a new daemon for systemd.
No, it's not. It's an app that requests a bunch of permission. And gets them, if the user accepts. It's nothing more than an app. An app you had to sideload, only after going into settings and allowing apps to be be sideloaded and accepting the various scary warnings you will see in the process.
It can do things like lock the screen because it requests to be a device policy admin.
https://developer.android.com/...
This is what allows Android to be used in for example enterprise environments where the lock screen needs to have enterprise-specific policy. Note there's a UI flow *required* for any app to escalate to being a device policy admin. The user had to explicitly allow it. Note that it couldn't disguise itself or otherwise attempt to trick the user.
These articles are published by corporations who have an interest in scaring you into buying their products and services. They never explain all the hoops they had to jump through to have the device compromised.