“GhostCtrl”: New Android Malware with Remote-Control Capabilities
Trend Micro has discovered a new malware family capable of infecting a wide range of Android-powered devices. It gives attackers complete control over the victim’s device and its hardware and software features.
The new malicious software, named GhostCtrl by Trend Micro’s researchers, turned up as part of a campaign that had previously stolen sensitive information from hospitals and healthcare facilities. The main malware in that campaign was the worm RETADUP, which caused a large number of infections. In contrast to the typical Android malware seen today, GhostCtrl can seize control of a wide range of the device’s features once it receives instructions from the remote attackers. Below is a closer look at the malware’s versions, its functionality and how it operates.
Three different versions of GhostCtrl have been detected so far. The first version lets attackers steal information and take control of the most important capabilities of the target device. The second version extends this, giving the attacker control over a wider range of the victim device’s features and components.
For all that, neither of the first two versions goes beyond what current security tools can handle: identifying them and observing their activity and the changes they make is comparatively simple. The real problem is the third generation of GhostCtrl, which combines the earlier features with techniques that go beyond what is common on the current malware market, making it much harder to detect. Put simply, the third version operates with a different mechanism from the first two. The evidence shows that GhostCtrl is an adapted and further developed variant of OmniRAT, a commercial multi-platform tool for remotely controlling devices. This can be seen by examining the resources.arsc file in the malware’s package, which reveals that it was built on the code base written by OmniRAT’s developers. OmniRAT, which is sold commercially, became widely known in 2015, when attackers used it to infect Android, Windows and Linux systems. A lifetime license costs less than $100, and cracked copies of the tool are also widely available.
GhostCtrl disguises itself as legitimate, harmless software such as WhatsApp or Pokemon GO. When the victim first taps the installer, the app immediately prompts them to complete the installation of the malicious component. If the user dismisses the prompt, it reappears, so the install dialog stays on the screen until the user gives in. Notably, no application icon is visible once the installation finishes. From then on, the malware runs in the background and survives a reboot: turning the phone off and on does not remove it. The malicious component registers itself as com.android.engine so that it looks like a legitimate, unremarkable system process among the phone’s running processes.
After this step, the malware contacts its command-and-control (C&C) server, which the attacker operates, and waits for instructions. All traffic between the infected device and the C&C server passes over an encrypted channel.
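The write-up names three static traits an analyst can check for without running the sample: a wrapper package that carries the real malicious APK and prompts to install it, the payload’s com.android.engine package name, and the OmniRAT lineage visible in resources.arsc. The script below is an added example written for this page, not Trend Micro’s tooling. It assumes the payload APK is bundled inside the wrapper (the page only says the wrapper prompts for a further install), and it assumes the OmniRAT lineage shows up as the literal string “OmniRAT” in resources.arsc; the page does not say which strings give it away, so adjust OMNIRAT_MARKER to what the sample actually contains. The fixture it runs on is constructed in the script, not a real sample.

```python
"""Static triage for the GhostCtrl dropper traits described above.

Added example for this page, not Trend Micro's tooling. Checks an APK
(a zip file) for: a second APK bundled inside it (assumed to sit under
assets/), the package name com.android.engine in the binary
AndroidManifest.xml, and an "OmniRAT" string in resources.arsc (the
exact marker text is an assumption).
"""
import io
import zipfile

ENGINE_PACKAGE = "com.android.engine"   # name the payload registers under
OMNIRAT_MARKER = "OmniRAT"              # assumed string; adjust to the sample
MAX_DEPTH = 2                           # how many nested APKs to descend into


def contains_marker(blob: bytes, marker: str) -> bool:
    """Case-insensitive search for marker in both encodings Android string
    pools use: UTF-8 and UTF-16LE (binary XML and older resource tables)."""
    low = blob.lower()                   # bytes.lower() only touches ASCII
    needle = marker.lower()
    return (needle.encode("utf-8") in low
            or needle.encode("utf-16-le") in low)


def triage_apk(apk_bytes: bytes, depth: int = 0) -> dict:
    """Return the indicators found in apk_bytes and in any APK nested in it."""
    findings = {"nested_apks": [], "omnirat_marker": False,
                "engine_package": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile:           # not a zip/APK at all
        findings["suspicious"] = False
        return findings
    with zf:
        names = zf.namelist()
        if "resources.arsc" in names and contains_marker(
                zf.read("resources.arsc"), OMNIRAT_MARKER):
            findings["omnirat_marker"] = True
        if "AndroidManifest.xml" in names and contains_marker(
                zf.read("AndroidManifest.xml"), ENGINE_PACKAGE):
            findings["engine_package"] = True
        for name in names:
            if not name.lower().endswith(".apk"):
                continue
            findings["nested_apks"].append(name)
            if depth < MAX_DEPTH:        # recurse: the payload is the interesting part
                inner = triage_apk(zf.read(name), depth + 1)
                findings["omnirat_marker"] |= inner["omnirat_marker"]
                findings["engine_package"] |= inner["engine_package"]
                findings["nested_apks"] += [name + "!" + n for n in inner["nested_apks"]]
    # Either lineage marker is strong on its own; a bundled APK alone is
    # only a hint, since some legitimate apps ship helper packages.
    findings["suspicious"] = findings["omnirat_marker"] or findings["engine_package"]
    return findings


def build_fixture(with_payload: bool) -> bytes:
    """Constructed test fixture, not a real sample: a wrapper package posing
    as a messenger that (optionally) carries the payload APK under assets/."""
    def pack(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name, data in entries.items():
                z.writestr(name, data)
        return buf.getvalue()

    # Stand-in binary XML / resource table: a few header-like bytes plus the
    # UTF-16LE strings a real string pool would hold. Real files are larger.
    payload = pack({
        "AndroidManifest.xml": b"\x03\x00\x08\x00" + ENGINE_PACKAGE.encode("utf-16-le"),
        "resources.arsc": b"\x02\x00\x0c\x00" + OMNIRAT_MARKER.encode("utf-16-le"),
        "classes.dex": b"dex\n035\x00",
    })
    wrapper = {
        "AndroidManifest.xml": b"\x03\x00\x08\x00" + "com.example.messenger".encode("utf-16-le"),
        "resources.arsc": b"\x02\x00\x0c\x00",
        "classes.dex": b"dex\n035\x00",
    }
    if with_payload:
        wrapper["assets/data.apk"] = payload
    return pack(wrapper)


if __name__ == "__main__":
    for flag in (True, False):
        print("payload bundled:", flag, "->", triage_apk(build_fixture(flag)))
```

Against a real APK, pass the file’s bytes to triage_apk; a hit on omnirat_marker or engine_package inside a nested APK is the pattern the article describes, a clean-looking wrapper with the backdoor as a second package.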
Among the commands the attacker can issue remotely are turning Wi-Fi on and off, monitoring and controlling the device’s sensors, controlling the vibration function, and controlling the infrared transmitter. The attacker can go further and download an image to the phone to set it as the wallpaper, replacing the default screen. Retrieving a complete list of the files on the device, with details such as file size and last access time, and renaming or deleting files are also available remotely.
The ability to send text or multimedia messages from the infected device is also notable, and the attacker can even place voice calls from the victim’s phone. The attacker can delete text messages or erase the web browser’s history on infected devices, and can also execute shell commands.
Among the features that are unusual in GhostCtrl and rarely seen in other remote-access tools are the ability to change or reset account passwords, alter the contents of the clipboard, play audio files on the infected device, end a phone call in progress, and control the device’s Bluetooth radio.
Although Android security holes and malware dominate the news coverage, Apple’s iOS has faced similar problems. Apple, whose iOS is the main rival to Google’s Android, is currently dealing with a variety of security issues in its ecosystem. For example, a serious security hole was recently announced in Apple products including the iPhone 5 and later models, the iPad 4 and its successors, and the sixth-generation iPod touch. The flaw lies in the Broadcom Wi-Fi chipset these devices use. Full details of how attackers can exploit it are to be presented at the Black Hat conference in Las Vegas. All told, both dominant mobile operating systems are struggling with widespread security problems, problems that can put users’ privacy and security at serious risk.
Source: Trend Micro