Android is the most used operating system on smartphones today, and it is also the OS most attacked by malware. Today it is the turn of a new one: GhostCtrl, a remote access Trojan that has already caused damage in a series of computer attacks in Israel.
Apparently, this malware was initially created for Windows operating systems, although it is now attacking Android devices. It was first detected earlier this year in various attacks against Windows. Now it acts on Android devices and is arguably one of the most potent threats detected in quite some time.
How GhostCtrl works
It carries out a series of malicious actions that put users' security at risk. Here is the complete list of actions that GhostCtrl performs:
- Records audio and video from infected devices
- Takes full control over calls and SMS
- Installs and opens applications (possibly also malicious)
- Roots the infected device
- Receives orders from a remote C&C server
- Uploads and downloads files to and from its C&C server
- Takes full control over Bluetooth and Wi-Fi services
This makes it one of the most powerful pieces of malware seen on Android devices in a long time. Apparently, it also acts as ransomware and can hijack the phone, and in some cases a ransom of up to $75 is requested.
How to Avoid GhostCtrl Virus/Ransomware
GhostCtrl, as its name implies, acts like a ghost. That makes it almost impossible for an antivirus to detect it. The main recommendation is to keep our Android device updated at all times and to control the permissions of the applications.
It is possible that different versions of this malware are circulating. Its attacks are directed against users and large organizations, so the first thing to be careful about is installing applications from third-party sources, along with any file or data that reaches us, for example, through an e-mail or Facebook attachment.
Also, Trend Micro experts advise us to keep our devices fully up to date, and to control application permissions and restrict them to the minimum whenever possible, to prevent certain applications from taking control of our system without authorization.
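The permission review recommended above can be scripted. The Python below is an added example, not part of the original article or of Trend Micro's guidance: it reads text in the style of `adb shell dumpsys package` output and flags apps whose granted permissions span several of the behaviours listed earlier. The sample output, the package names and the mapping from behaviours to Android permissions are assumptions made for illustration.

```python
import re

# Assumption: this behaviour-to-permission mapping is made for this example;
# the article does not say which permissions GhostCtrl requests.
CAPABILITY_PERMS = {
    "audio/video recording": {"RECORD_AUDIO", "CAMERA"},
    "calls and SMS": {"CALL_PHONE", "READ_CALL_LOG", "READ_SMS", "SEND_SMS"},
    "installing apps": {"REQUEST_INSTALL_PACKAGES", "INSTALL_PACKAGES"},
    "Bluetooth/Wi-Fi control": {"BLUETOOTH_ADMIN", "CHANGE_WIFI_STATE"},
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*android\.permission\.([A-Z_]+): granted=(true|false)")

def granted_permissions(dumpsys_text):
    """Return {package: set of granted permission short names}."""
    granted, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg, perm = PKG_RE.match(line), PERM_RE.match(line)
        if pkg:
            current = pkg.group(1)
            granted.setdefault(current, set())  # keep packages with no grants
        elif perm and current and perm.group(2) == "true":
            granted[current].add(perm.group(1))
    return granted

def audit(dumpsys_text, threshold=3):
    """Flag packages whose grants cover at least `threshold` behaviour groups."""
    hits = {pkg: sorted(g for g, need in CAPABILITY_PERMS.items() if perms & need)
            for pkg, perms in granted_permissions(dumpsys_text).items()}
    return {pkg: groups for pkg, groups in hits.items() if len(groups) >= threshold}

# Constructed sample, simplified from the dumpsys layout; packages are made up.
SAMPLE = """\
Package [com.example.flashlight] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.CHANGE_WIFI_STATE: granted=true
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET]
Package [com.example.notes] (4d5e6f):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=false, flags=[ USER_SET]
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Legitimate apps such as messengers also span several groups, so treat the output as a list of apps to review and trim, not as a verdict.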