A new strain of malware designed for Android devices has recently been discovered, which not only can silently record audio and video, but can also monitor texts and calls, modify files, and ultimately spawn ransomware.
Dubbed as 'GhostCtrl' by researchers over at Trend Micro, the malware is apparently a variant of OmniRAT, a remote administration tool for Android, which is available to the public. It also appears to be part of a wider campaign that targeted Israeli hospitals, where a worm called RETADUP surfaced back in June.
According to the report, there are three versions of the malicious software. The first variant stole information and controlled a device's functionalities, while the second added new features to exploit. The third one combines all the features of the old versions, and adds even more malicious components into its system.
The latest iteration of GhostCtrl can now monitor call logs, text messages, contacts, phone numbers, location, and browsing history. Furthermore, it has the ability to record the victim's Android version, battery level, and Bluetooth information. To make make matters worse, it can now also spy on unsuspecting victims by silently recording audio and video.
The malware is distributed through apps that masquerades as legitimate apps for WhatsApp or Pokemon GO. After the APK file has been installed on a victim's device, a process called 'com.android.engine,' a backdoor function of the malware to mislead the user into thinking that it is a safe component of the system is also loaded. However, in reality, this process contacts the malware's Command & Control (C&C) server, which will then give it instructions on what to record or steal from the victim.
Lastly, GhostCtrl has the capability to become mobile ransomware. It can lock the screen, reset the password, and root the device. During this process, it can also steal more information and send them over to the C&C server.
Trend Micro suggests that Android devices should regularly be kept updated, and that data should be backed up regularly. They also recommend using an app reputation system that can detect suspicious and malicious apps.