Spying Android Malware Making its Rounds

Media Division | July 21, 2017

Every day, we continue to see new threats crafted to compromise various types of devices. Some of these are immediately discovered, as they attempt to breach through brute force attacks. But, others are designed to be much more insidious, and they function by installing to individual’s devices without them knowing, which allows the threat to perform its function without being detected. As we discover and block these various threats, hackers then develop new and improved threats that can perform their functions even better, or exploit a different vulnerability. With a somewhat recent type of malware strain, its purpose is to install itself secretly and cause various kinds of havoc.

Functions of the New Malware

There are a few different names that have been coined for this malware strain, but a common one that many are using is GhostCtrL. At first glance, it can appear similar to OmniRAT, which is a public remote admin tool for Android devices. GhostCtrL has quite a wide range of malicious abilities. It can monitor content within an individual’s device, such as contacts, text messages, call logs, location, internet history, and phone numbers. It can also go a step further and even record audio and video from a person’s device. In addition, it is able to log the infected Android version, battery level, and Bluetooth information. And it can even function as ransomware does by locking up an individual’s files within the device. This malware has been able to infect devices by being masked to look like other legitimate apps, such as WhatsApp or Pokemon GO.

GhostCtrL seems to have been detected as early as April 2016 and has had several variants since then. Fortunately, none of the strains appear to be coming from the actual Google Play store. Meaning, if individuals continue to only download their apps from the Play Store, they should not have to worry about infection. But, it can never hurt to have additional protection as well, such as a malware scanner on your device. In addition, it is a good idea to look over apps within the store before downloading them, just as a precaution. The Play Store typically has a very good system for reviewing apps before they are released for download, but a malicious app may slip through once in a while. There are a couple things that one can do to avoid downloading these types of apps, such as:

  • Check Reviews – Generally, if there is some sort of malicious content within the app, people will mention it within the reviews. Checking these can help to warn you before you download.
  • Do Not Download on the First Day – You should not download apps on the first day that they are released unless they are from a reputable developer. When apps are first released, they will not necessarily have any reviews, which limits you to being able to discover if they are malicious. It is better to wait a couple days to see if any negative reviews pop up, and generally, if an app is discovered to be malicious, the Play Store will be quick to remove it.

Protecting Digital Information with Cyber Security Intelligence

Of course, Android devices are not the only systems that are being infected and attacked. Organizations and individuals also need to be able to stay protected from the various threats that are out there targeting other devices. This is where cyber security intelligence has become one of the most valuable tools in protecting our digital information. It allows for various threats among the landscape to be better predicted and proactively prevented, which is vital with modern threats. Massive Alliance offers cyber security intelligence sourced from the darkest corners of the web, which helps to defend from even the most insidious attacks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.