Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Backdoor 'GhostCtrl' Can Silently Record Your Audio, Video and More (neowin.net)

Posted by BeauHD on from the behind-the-scenes dept.

An anonymous reader quotes a report from Neowin: A new strain of malware designed for Android devices has recently been discovered, which not only can silently record audio and video, but can also monitor texts and calls, modify files, and ultimately spawn ransomware. Dubbed as 'GhostCtrl' by researchers over at Trend Micro, the malware is apparently a variant of OmniRAT, a remote administration tool for Android, which is available to the public. It also appears to be part of a wider campaign that targeted Israeli hospitals, where a worm called RETADUP surfaced back in June. According to the report, there are three versions of the malicious software. The first variant stole information and controlled a device's functionalities, while the second added new features to exploit. The third one combines all the features of the old versions, and adds even more malicious components into its system. The latest iteration of GhostCtrl can now monitor call logs, text messages, contacts, phone numbers, location, and browsing history. Furthermore, it has the ability to record the victim's Android version, battery level, and Bluetooth information. To make make matters worse, it can now also spy on unsuspecting victims by silently recording audio and video. The malware distributes itself via illegitimate apps for WhatsApp or Pokemon GO. Trend Micro suggests you keep your Android devices up to date and data backed up regularly. They also recommend using an app reputation system that can detect suspicious and malicious apps.

15 of 69 comments (clear)

  1. Re:Frightening and laughable by Anonymous Coward · · Score: 2, Insightful

    It is almost as if this was designed to order by the various TLA's to spy on to without you knowing.

    Oh wait...

  2. Re:Walled Garden by Anonymous Coward · · Score: 2, Informative

    Apps that do what GhostCtrl does but on iPhones are rife in the app store.

    You just have to know where to look. The walled garden's cracks started showing years ago.

  3. Update the devices? As in buy new? by Anonymous Coward · · Score: 3, Interesting

    Thanks Trend Micro for that advice! Except most tablet vendors stop supporting or changing the software on the tablet so unless you could have put Canyogenmod on the tablet you won't be able to upgrade. Oh wait. You can't even get cyogenmod as an update anymore. The software upgrade path is the only positive thing Apple has going for its tablets.

    Perhaps Microsoft tablets will be upgradeable like the zune has been updated?

    BTW anyone catch the averts for HP printers? Pointing out how old printers are insecure and you should just upgrade to HP? 'Cept the old insecure printers that still work are HPs. Still working is the point. If the sunk cost gear is still working - why replace it due the manufacturer not creating the replacement need by allowing insecure devices to function on the network?
           

  4. Re:Walled Garden by Anonymous Coward · · Score: 3, Informative

    Now, what's so bad about Apple's walled garden again?

    What's bad is it isn't infallible https://www.theiphonewiki.com/wiki/Malware_for_iOS

  5. Re:Walled Garden by sheramil · · Score: 3, Funny

    Apple's malware costs so much more. If I could afford an iPhone, I'd be worth stealing from.

  6. It's Not a Bug, It's a Feature by organgtool · · Score: 4, Funny

    GhostCtrl is not a bug, it's a new daemon for systemd. It's meant to provide a centralized method for viruses and ransonware to control your system.

    1. Re:It's Not a Bug, It's a Feature by farble1670 · · Score: 3, Insightful

      GhostCtrl is not a bug, it's a new daemon for systemd.

      No, it's not. It's an app that requests a bunch of permission. And gets them, if the user accepts. It's nothing more than an app. An app you had to sideload, only after going into settings and allowing apps to be be sideloaded and accepting the various scary warnings you will see in the process.

      It can do things like lock the screen because it requests to be a device policy admin.
      https://developer.android.com/...

      This is what allows Android to be used in for example enterprise environments where the lock screen needs to have enterprise-specific policy. Note there's a UI flow *required* for any app to escalate to being a device policy admin. The user had to explicitly allow it. Note that it couldn't disguise itself or otherwise attempt to trick the user.

      These articles are published by corporations who have an interest in scaring you into buying their products and services. They never explain all the hoops they had to jump through to have the device compromised.

  7. Apple vs. Android by Qbertino · · Score: 3, Insightful

    There's an apple vs. android debate going on here. And while I myself use an android phone, I have to say, Apple does have the edge in this department. Their lockdown and app-screening policy basically prevents clueless users from doing to much damage.

    And I have to admit, finding the right Android phone is a PITA. I settled for a Moto G5 Plus as my newest, but I'm and expert and know what to look for, am aware of the tradeoffs *and* I know enough to be careful about installing rubbish. Some clueless ord settling for an iPhone even though it's 300 Euros more expensive than an android equivalent (a fact they are blissfully unaware of) might actually be the best choice for them.

    --
    We suffer more in our imagination than in reality. - Seneca
    1. Re:Apple vs. Android by tlhIngan · · Score: 3, Informative

      I don't want a company to control what I can and can't install in my hardware.

      Apple allows sideloading of apps since at least iOS9 without requiring you to pay $99. Anything you can compile yourself, you can load onto your iPhone with Apple's blessing. There are restrictions of course, but Apple is letting you load your stuff onto your phone (and others you can physically get access to).

      The funny thing is, you'd expect an "open source app repo" to have sprung up consisting of apps and games you build and load yourself, but I haven't seen one. But yes, it's a way to get verboten apps on iPhone, and many emulators use this method - because naturally, they were open source to begin with.

      And while technically, you're not supposed to, closed-source can use the same mechanism to get onto iPhones as well - many piracy sites use the same mechanism to load pirated apps onto iPhones.

  8. Just reminding myself by MrKaos · · Score: 2

    Why I chose an operating system platform that was open sourced. Not free but freed software. It seems the further software gets from being open the more we have to put up with crap like this. Sure, shiny is good, but control is better.

    --
    My ism, it's full of beliefs.
    1. Re:Just reminding myself by MrKaos · · Score: 3

      Which is the usable mobile OS that's more free/freed/open (using any definition you prefer) than Android?

      It was directed at Android. My lament is that I am forced to have one arm tied behind my back for what is essentially a linux box that I own and can't have root access to.

      So not having a go at Apple gear at all. I'm criticizing my platform of choice, sorry, I probably didn't make that clear. (tired)

      This is reminding me why I pay extra for an Apple device every few years.

      Sure, though you've got a different set of guys with access to your data. Please don't take this as a slight or disdain for apple users or their products, moreover an observation of the contempt intelligence agencies show apple users, calling them zombies and making fun of them while hiding behind the state. It doesn't sit well with me, fooling people just going about their business like that.

      I've liked Apple gear, I have an iPhone I don't use much. I wouldn't mind playing around with their gear however they have got the walled garden philosophy, which is not really my choice as there is plenty to do in the Android space which I would like to be more open.

      --
      My ism, it's full of beliefs.
  9. updates? by qQ7eBMsfM5gs · · Score: 2

    Am I the only person who turns off Android and apps updates on each brand new Android phone because after while they make the phone sluggish?

    1. Re:updates? by farble1670 · · Score: 3, Funny

      Am I the only person who turns off Android and apps updates on each brand new Android phone because after while they make the phone sluggish?

      Are you suggesting the act of writing new bits to flash slows the device down permanently? Yes, you are the only person that thinks that.

  10. Re:Walled Garden by iampiti · · Score: 2

    If you're in jail you can't die in car accident either. What's so bad about being in jail?

  11. More FUD by farble1670 · · Score: 3, Insightful

    Sorry, got to call FUD. If you read this,
    https://blog.trendmicro.com/tr...

    Basically this is an app that requests a ton of permissions, including being a device administrator allowing it to control the lockscreen. The user had to accept several scary warning dialogs for the app to obtain these privileges. They also had to go outside the Play store, and specifically allow untrusted apps to be sideloaded.

    TFA states this app can escalate to root, but doesn't explain how that's possible across different versions of Android / Linux and different hardware. I've never heard of a root for Android that involves simply installing an app, let alone a universal one.