Weeks after discovering a malicious agent programmed to snatch patient data from Israeli hospitals, Dutch cybersecurity firm Trend Micro has come across another nasty attack vector: An Android vulnerability that allows ill-intended individuals to surreptitiously take over control of your device.
Dubbed GhostCtrl, Trend Micro researchers claim they have been able to detect at least three distinctive variations of the malware. While the first two were designed to scrape data and remotely control various phone features, the third iteration combines the best of the previous two – and then adds more.
The worst part is that the cybersecurity pundit predicts the vulnerability will continue to evolve.
According to their findings, GhostCtrl is an extension of the data-extracting worm spreading among Israeli hospitals and the infamous OmniRAT exploit that first made headlines with its claims to remotely hijack Windows, Mac and Linux systems via any Android device – and vice versa.
The malicious software is often camouflaged as legitimate apps such as WhatsApp and Pokemon Go. Once launched, the main app proceeds to install a hidden malicious Android Application Package (APK) that runs in the background.
At that point, attackers can exploit this backdoor to get infected devices to do its bidding. Trend Micro warns that the flaw allows for the execution of a fairly wide range of commands, enabling hackers to specify and target the content without the owner’s consent or knowledge.
The company has since published a list of executable action codes that allows hackers to:
- Monitor your sensors’ data in real-time
- Delete, modify and transfer files in your system
- Call and send texts to your contacts
- Collect information like call logs, SMS records, location entries as well as browser bookmarks.
Here is the full list:
In addition to all of this, the researchers note that GhostCtrl also has the capacity remotely reset passwords, play different…