Windows 10 News and info | Forum
Author Topic: This scary Android malware can record audio, video and steal your data  (Read 68 times)
javajolt
« on: July 18, 2017, 05:30:53 PM »

Researchers have discovered malware which creates a backdoor into devices, allowing attackers to steal data, record audio and video -- and even potentially deploy ransomware.

A new form of malware has proved to be one of the most advanced Android information-stealers ever discovered, enabling attackers to open a backdoor in order to monitor data, steal information, record audio and video, and even infect the phone with ransomware.

Dubbed GhostCtrl, the malware can stealthily control many of the infected device's functions -- and researchers have warned that this is just the beginning, and the malware could evolve to become a lot worse.

This new malware appears to be based on OmniRAT, a form of spying software capable of giving hackers full remote control of devices running Windows, Mac, Linux, and Android -- although, unlike its apparent predecessor, GhostCtrl focuses purely on Android.

Mobile devices have become an increasingly valuable target for cyber criminals and those conducting espionage, not only because they can provide information about virtually every aspect of a target's life, but because the device will almost always be with them.

Discovered by researchers at Trend Micro, GhostCtrl forms part of a wider campaign targeting Israeli hospitals with the information-stealing Windows RETADUP worm -- but the mobile arm of the attack represents an even more dangerous threat to victims.

In total, there are three versions of GhostCtrl -- one which steals information and controls some of the device's functions, a second which adds more features to hijack, and now the malware is on its third version which combines the most advanced capabilities of previous incarnations while adding further malicious capabilities.

Those include monitoring the phone's data in real time, and the ability to steal the device's data, including call logs, text message records, contacts, phone numbers, location, and browser history. GhostCtrl can also gather information about the victim's Android version, wi-fi, battery level, and almost any other activity.

The most worrying aspect of the malware isn't just its ability to intercept messages from contacts specified by the attacker, as GhostCtrl can also stealthily record audio and video, enabling the attackers to conduct full-on espionage on victims.

Users become infected with the malware by downloading fake versions of legitimate popular apps, including WhatsApp and Pokemon Go. When launched, GhostCtrl installs a malicious Android application package (APK) in order to take over the device.

This APK contains backdoor functions named 'com.android.engine' designed to trick the user into thinking it's a legitimate application when what it's really doing is connecting to a command and control server to receive instructions on what information to steal.

GhostCtrl has the capability to become ransomware, with the ability to lock devices. However, this capability has yet to be seen in the wild and given the malware's emphasis on stealth, it's unlikely the attackers will deploy it anytime soon unless they massively change their tactics.

The very nature of this malware means it's difficult to protect against -- although taking care to only install legitimate applications from legitimate sources would be a good way of avoiding downloading it in the first place.

Trend Micro researchers also recommend that Android devices should be kept as updated as possible and that enterprises should restrict permissions on company devices to prevent the installation of malware.

source