Light Dark
July 18, 2017 By Shane Schick 2 min read

An Android-based backdoor threat known as GhostCtrl could allow cybercriminals a scary range of capabilities. A successful exploit may enable actors to do everything from using text-to-speech tools and connecting to other devices using Bluetooth to stealing data, researchers recently warned.

The Evolving Threat

The threat was first detailed in a blog post from Trend Micro, which said that GhostCtrl has had at least three iterations but showed unusual capabilities in its latest version. Researchers believed that the backdoor was developed from OmniRAT, a remote access tool (RAT) that first emerged as a security threat in 2015.

Unlike some more limited pieces of malware, there’s a laundry list of things the backdoor could do. This included hanging up on phone calls, recording audio, playing sound effects and resetting passwords, Trend Micro noted.

According to Help Net Security, GhostCtrl may dupe potential victims by posing as popular apps such as “Pokemon Go” or WhatsApp. Once downloaded, however, it launches a malicious Android application package (APK) that uses a wrapper to hide in the background without an icon on the user’s smartphone screen.

GhostCtrl Has Wider Impact, Longer Reach

GhostCtrl represents more than just an annoyance to consumers. It has already been used to target health care organizations in Israel, Bleeping Computer reported, looking for information to offer via underground criminal networks. It can also be used as a ransomware tool, displaying a note demanding money after locking victims out of their devices.

There’s a wealth of information available for the creators of GhostCtrl to hijack, Trend Micro added. Phone records, subscriber identity module (SIM) serial numbers, operating system (OS) versions, browser searches and more — this is a backdoor with long reach. Even if potential victims suspect they’re in danger, the cybercriminals behind it keep running pop-ups until users are worn down and allow installation to take place.

There are still ways for Android users to ward off GhostCtrl, such as hardening security policies in their settings and making use of antivirus tools. Being vigilant is key, however, since the backdoor will display the Android name as it seeks access to the command-and-control (C&C) server to look more like a bona fide process.

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

May 14, 2024

Threat intelligence to protect vulnerable communities

2 min read - Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint Cyber Defense Collaborative that addresses the threat to these vulnerable groups, with findings contributed by the X-Force Threat Intelligence team.Cyber criminals seek stolen credentialsThe HRCP…

May 14, 2024

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended RSAC…

May 14, 2024

3 recommendations for adopting generative AI for cyber defense

3 min read - In the past eighteen months, generative AI (gen AI) has gone from being the source of jaw-dropping demos to a top strategic priority in nearly every industry. A majority of CEOs report feeling under pressure to invest in gen AI. Product teams are now scrambling to build gen AI into their solutions and services. The EU and US are beginning to put new regulatory frameworks in place to manage AI risks.Amid all this commotion, hackers and other cybercriminals are hardly…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature