Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Android Security Operating Systems Software Hardware Technology

Android Backdoor 'GhostCtrl' Can Silently Record Your Audio, Video and More (neowin.net) 69

An anonymous reader quotes a report from Neowin: A new strain of malware designed for Android devices has recently been discovered, which not only can silently record audio and video, but can also monitor texts and calls, modify files, and ultimately spawn ransomware. Dubbed as 'GhostCtrl' by researchers over at Trend Micro, the malware is apparently a variant of OmniRAT, a remote administration tool for Android, which is available to the public. It also appears to be part of a wider campaign that targeted Israeli hospitals, where a worm called RETADUP surfaced back in June. According to the report, there are three versions of the malicious software. The first variant stole information and controlled a device's functionalities, while the second added new features to exploit. The third one combines all the features of the old versions, and adds even more malicious components into its system. The latest iteration of GhostCtrl can now monitor call logs, text messages, contacts, phone numbers, location, and browsing history. Furthermore, it has the ability to record the victim's Android version, battery level, and Bluetooth information. To make make matters worse, it can now also spy on unsuspecting victims by silently recording audio and video. The malware distributes itself via illegitimate apps for WhatsApp or Pokemon GO. Trend Micro suggests you keep your Android devices up to date and data backed up regularly. They also recommend using an app reputation system that can detect suspicious and malicious apps.
This discussion has been archived. No new comments can be posted.

Android Backdoor 'GhostCtrl' Can Silently Record Your Audio, Video and More

Comments Filter:
  • Walled Garden (Score:1, Insightful)

    by Anonymous Coward

    Now, what's so bad about Apple's walled garden again?

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Apps that do what GhostCtrl does but on iPhones are rife in the app store.

      You just have to know where to look. The walled garden's cracks started showing years ago.

      • by Anonymous Coward

        Nice FUD, fag. Link to the app in question or it didn't happen, bitch.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Now, what's so bad about Apple's walled garden again?

      What's bad is it isn't infallible https://www.theiphonewiki.com/wiki/Malware_for_iOS

      • by Anonymous Coward

        Sorry I forgot one more link
        https://www.theregister.co.uk/2017/03/08/cia_exploit_list_in_full/

    • by sheramil ( 921315 ) on Wednesday July 19, 2017 @08:38AM (#54838711)

      Apple's malware costs so much more. If I could afford an iPhone, I'd be worth stealing from.

    • If you're in jail you can't die in car accident either. What's so bad about being in jail?
    • I look at the rich choices of phones on the Android side with envy. Every time I consider a nice reasonably priced Android device (looking at you, Honor 8) news like this pops up, and I clutch my iPhone.
  • by Anonymous Coward on Wednesday July 19, 2017 @08:29AM (#54838663)

    Thanks Trend Micro for that advice! Except most tablet vendors stop supporting or changing the software on the tablet so unless you could have put Canyogenmod on the tablet you won't be able to upgrade. Oh wait. You can't even get cyogenmod as an update anymore. The software upgrade path is the only positive thing Apple has going for its tablets.

    Perhaps Microsoft tablets will be upgradeable like the zune has been updated?

    BTW anyone catch the averts for HP printers? Pointing out how old printers are insecure and you should just upgrade to HP? 'Cept the old insecure printers that still work are HPs. Still working is the point. If the sunk cost gear is still working - why replace it due the manufacturer not creating the replacement need by allowing insecure devices to function on the network?
           

    • by Anonymous Coward

      Lineageos==cyanogenmod

    • According to TFA: "The malware is distributed through apps that masquerades as legitimate apps for WhatsApp or Pokemon GO. After the APK file has been installed on a victim's device".
      While I have no idea what "apps for Whatsapp or Pokemon GO" means (maybe "for" should be "as"), the second part about installing the APK suggests that this happens when a user "sideloads" (I hate the term, implies there's something wrong with it, as if we were only ever supposed to install programs blessed by the OS corporate
    • Depends on the manufacturer. I have a BQ and I have no issues with a lack of updates. (The Zuk Z1 before that was a different story altogether, admittedly. To be fair, though, that was because Zuk made the mistake of partnering with Cyanogen Inc.)

      Unfortunate as it is, the presence or lack of a solid update scheme is a distinguishing feature between manufacturers - one you won't find in a feature matrix. Looking into it can help you avoid making mistakes.
  • by organgtool ( 966989 ) on Wednesday July 19, 2017 @08:43AM (#54838735)
    GhostCtrl is not a bug, it's a new daemon for systemd. It's meant to provide a centralized method for viruses and ransonware to control your system.
    • by farble1670 ( 803356 ) on Wednesday July 19, 2017 @02:47PM (#54841545)

      GhostCtrl is not a bug, it's a new daemon for systemd.

      No, it's not. It's an app that requests a bunch of permission. And gets them, if the user accepts. It's nothing more than an app. An app you had to sideload, only after going into settings and allowing apps to be be sideloaded and accepting the various scary warnings you will see in the process.

      It can do things like lock the screen because it requests to be a device policy admin.
      https://developer.android.com/... [android.com]

      This is what allows Android to be used in for example enterprise environments where the lock screen needs to have enterprise-specific policy. Note there's a UI flow *required* for any app to escalate to being a device policy admin. The user had to explicitly allow it. Note that it couldn't disguise itself or otherwise attempt to trick the user.

      These articles are published by corporations who have an interest in scaring you into buying their products and services. They never explain all the hoops they had to jump through to have the device compromised.

  • Apple vs. Android (Score:4, Insightful)

    by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Wednesday July 19, 2017 @08:58AM (#54838845)

    There's an apple vs. android debate going on here. And while I myself use an android phone, I have to say, Apple does have the edge in this department. Their lockdown and app-screening policy basically prevents clueless users from doing to much damage.

    And I have to admit, finding the right Android phone is a PITA. I settled for a Moto G5 Plus as my newest, but I'm and expert and know what to look for, am aware of the tradeoffs *and* I know enough to be careful about installing rubbish. Some clueless ord settling for an iPhone even though it's 300 Euros more expensive than an android equivalent (a fact they are blissfully unaware of) might actually be the best choice for them.

    • With Apple certainly having few options makes the choice easier. You also know all possibilities are good enough.
      Anyway, I guess you're aware that Android phones prevent you from manually installing apps until you change a setting. Also, it might not matter to most people but the Apple way severely limits your freedom. I don't want a company to control what I can and can't install in my hardware.
      • Re:Apple vs. Android (Score:4, Informative)

        by tlhIngan ( 30335 ) <slashdot@wor[ ]et ['f.n' in gap]> on Wednesday July 19, 2017 @11:27AM (#54840033)

        I don't want a company to control what I can and can't install in my hardware.

        Apple allows sideloading of apps since at least iOS9 without requiring you to pay $99. Anything you can compile yourself, you can load onto your iPhone with Apple's blessing. There are restrictions of course, but Apple is letting you load your stuff onto your phone (and others you can physically get access to).

        The funny thing is, you'd expect an "open source app repo" to have sprung up consisting of apps and games you build and load yourself, but I haven't seen one. But yes, it's a way to get verboten apps on iPhone, and many emulators use this method - because naturally, they were open source to begin with.

        And while technically, you're not supposed to, closed-source can use the same mechanism to get onto iPhones as well - many piracy sites use the same mechanism to load pirated apps onto iPhones.

  • by MrKaos ( 858439 ) on Wednesday July 19, 2017 @09:26AM (#54839057) Journal

    Why I chose an operating system platform that was open sourced. Not free but freed software. It seems the further software gets from being open the more we have to put up with crap like this. Sure, shiny is good, but control is better.

    • by radish ( 98371 )

      Huh? Which is the usable mobile OS that's more free/freed/open (using any definition you prefer) than Android? iOS is much further from free than Android, and yet this type of malware simply doesn't exist there. Say what you like about walled gardens restricting personal freedom to tinker (and they certainly do) - from a security point of view Apple have shown themselves to be great guardians of their devices (and, by extension, their users).

      This is reminding me why I pay extra for an Apple device every few

      • by MrKaos ( 858439 ) on Wednesday July 19, 2017 @10:54AM (#54839757) Journal

        Which is the usable mobile OS that's more free/freed/open (using any definition you prefer) than Android?

        It was directed at Android. My lament is that I am forced to have one arm tied behind my back for what is essentially a linux box that I own and can't have root access to.

        So not having a go at Apple gear at all. I'm criticizing my platform of choice, sorry, I probably didn't make that clear. (tired)

        This is reminding me why I pay extra for an Apple device every few years.

        Sure, though you've got a different set of guys with access to your data. Please don't take this as a slight or disdain for apple users or their products, moreover an observation of the contempt intelligence agencies show apple users, calling them zombies and making fun of them while hiding behind the state. It doesn't sit well with me, fooling people just going about their business like that.

        I've liked Apple gear, I have an iPhone I don't use much. I wouldn't mind playing around with their gear however they have got the walled garden philosophy, which is not really my choice as there is plenty to do in the Android space which I would like to be more open.

  • I just have to say, thanks for advertising this tool. Now I can admin my family without having to constantly travel, get them to meet me, get the phones, etc. It is cheap and well.. the developer is the owner. Pretty nice job so far.

    Amazing: Try and make it sound bad.. and I love it.

  • Am I the only person who turns off Android and apps updates on each brand new Android phone because after while they make the phone sluggish?
    • Re:updates? (Score:4, Funny)

      by farble1670 ( 803356 ) on Wednesday July 19, 2017 @02:37PM (#54841479)

      Am I the only person who turns off Android and apps updates on each brand new Android phone because after while they make the phone sluggish?

      Are you suggesting the act of writing new bits to flash slows the device down permanently? Yes, you are the only person that thinks that.

  • One more reason why we need hardware on/off switches and indicator lights for sensors and radios.

    Turn the mic off - it will be impossible to record.

    See that the mic-indicator light off - assurance mic is not in use.

    Ditto camera, bluetooth, wifi, cellular radio, etc.

  • > Trend Micro suggests you keep your Android devices up to date and data backed up regularly. They also recommend using an app reputation system that can detect suspicious and malicious apps.

    Ok, so what the fuck is the point of Google Play/Store, then, if not to say "this is a legitimate app"? And why allow side channels for installation, e.g. via WhatsApp, if it's got problems like this and no QA?
    • And why allow side channels for installation, e.g. via WhatsApp, if it's got problems like this and no QA?

      Because then people like you would be whining about the Google Walled Garden, and we don't like whining.

      • Seems perfectly reasonable to have a walled garden, and an option to unlock the phone but then no warranty, support, etc. How's that for whining, fucko?
        • Okay sure.

          Seems perfectly reasonable to have a walled garden, and an option to unlock the phone but then no warranty, support, etc. How's that for whining, fucko?

          It sure does seem reasonable, and that's pretty much how Android works now. So I'd have to say pretty poor whining on your part.

          And why allow side channels for installation, e.g. via WhatsApp, if it's got problems like this and no QA?

          Interesting. What would said QA test? That every single app coded on the face of the planet, even the ones Google or anyone else knows about, aren't malicious? I guess said QA would need to decompile every app and go over every line of code to ensure they aren't doing anything malicious. And if the app used the network, we'd need to get the source to all of the servers it

        • You had to Foe me? I guess mom and dad never disagreed with you. It must be quite shocking, I apologize for not handling you more gently.

          • Pffttt... Them adding you as a foe is a badge of honor. Wear it with pride!

          • Well, when you randomly comment on someone you don't know, who didn't insult you, calling them a whiner, yeah -- you get "foe'd". And look, you went for it again. At least you're consistently an asshole, so you've got that going for you.
  • More FUD (Score:4, Insightful)

    by farble1670 ( 803356 ) on Wednesday July 19, 2017 @02:35PM (#54841457)

    Sorry, got to call FUD. If you read this,
    https://blog.trendmicro.com/tr... [trendmicro.com]

    Basically this is an app that requests a ton of permissions, including being a device administrator allowing it to control the lockscreen. The user had to accept several scary warning dialogs for the app to obtain these privileges. They also had to go outside the Play store, and specifically allow untrusted apps to be sideloaded.

    TFA states this app can escalate to root, but doesn't explain how that's possible across different versions of Android / Linux and different hardware. I've never heard of a root for Android that involves simply installing an app, let alone a universal one.

There are two kinds of egotists: 1) Those who admit it 2) The rest of us

Working...