{"id":2465,"date":"2017-07-24T05:31:21","date_gmt":"2017-07-24T05:31:21","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=2465"},"modified":"2020-08-18T22:59:50","modified_gmt":"2020-08-18T17:29:50","slug":"ghostctrl-android-malware-locks-device-demands-ransom","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/ghostctrl-android-malware-locks-device-demands-ransom\/","title":{"rendered":"GhostCtrl Android Malware, Locks Device, Demands Ransom"},"content":{"rendered":"<p>GhostCtrl Android malware is a backdoor that can control the functionalities of an infected Android device. It is a Remote Access Trojan (RAT) that can also steal and exfiltrate information. It can reset the PIN of an Android device, lock the device and then demand a ransom to unlock the device.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2752\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/07\/android-antivirus.png\" alt=\"android protection\" width=\"650\" height=\"300\" srcset=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/07\/android-antivirus.png 650w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/07\/android-antivirus-300x138.png 300w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/07\/android-antivirus-225x104.png 225w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/p>\n<p>GhostCtrl is based on the infamous OmniRAT, which can remotely take control of systems running multiple operating systems, such as Windows, Linux, and Mac. <strong>GhostCtrl<\/strong> could be considered the deadliest version of OmniRAT yet. OmniRAT was first noticed in November 2015 and was the only malware that could affect multiple operating systems. Its creators or marketers offered it as software as a service \u2013 and rather cheaply too. 
This enabled many cyber criminals to subscribe to this malware and use it for their malicious activities.<\/p>\n<p>OmniRAT spyware provides full remote control of devices &#8211; from desktops to phones. The attack tricks a user into clicking a link in an SMS message, and the spyware gets loaded onto the device.<\/p>\n<p><strong>The Latest Attack<\/strong><\/p>\n<p>The latest version of this omnipotent malware \u2013 GhostCtrl \u2013 has been used to target Israeli healthcare organizations. The continuous campaign targeted Windows computers as well as Android devices of users connected to the <a href=\"https:\/\/www.comodo.com\/landing\/protect-healthcare\/\" target=\"_blank\" rel=\"noopener\">healthcare organizations<\/a>. <strong>Cyber security<\/strong> researchers who analyzed the attack discovered that the malware was a sophisticated combination of a worm, a remote access Trojan (RAT) that functioned as a backdoor, and a data stealer.<\/p>\n<p><strong>Capabilities of GhostCtrl Android Malware<\/strong><\/p>\n<p>The GhostCtrl malware used to target Android devices acquires numerous dangerous permissions. It has the ability to access and infect even the root of the device and can contact a command and control (C&amp;C) server and send information from the device. It can list, rename, send, and delete files from the C&amp;C server. It can also download files from the C&amp;C server onto the device, which could be an even more dangerous payload.<\/p>\n<p>The GhostCtrl malware can send SMS\/MMS to specific numbers, intercept SMS from specific numbers, as well as delete text messages.<\/p>\n<p>The malware can control the state of the Wi-Fi, overriding the controls set by the user, which allows it to connect to Wi-Fi at times of its choosing. GhostCtrl can record audio and send that info as a file. 
It can also call specific phone numbers and send the details in the contact list, phone numbers, message records, the OS version, SIM number, the user name, data stored on the clipboard, photos, etc.<\/p>\n<p>It can download wallpapers and use them as the lock screen. GhostCtrl also has the capability to monitor the various sensors on the phone.<\/p>\n<p><strong>How to Ensure Android Security<\/strong><\/p>\n<p>The GhostCtrl Android malware is very dangerous, and the general advice is not to install apps from outside the Google Play Store. Additionally, a robust <a href=\"https:\/\/antivirus.comodo.com\/antivirus-for-android.php\" target=\"_blank\" rel=\"noopener\">Android antivirus<\/a> solution that offers effective protection against zero-day exploits and next-generation malware threats is needed even for Android devices.<\/p>\n<p><strong>Related Resources:<\/strong><\/p>\n<p><strong><a href=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/five-best-virus-and-malware-removal-tools\/\" target=\"blank\">https:\/\/antivirus.comodo.com\/blog\/computer-safety\/five-best-virus-and-malware-removal-tools\/<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GhostCtrl Android malware is a backdoor that can control the functionalities of an infected Android device. It is a Remote Access Trojan (RAT) that can also steal and exfiltrate information. It can reset the PIN of an Android device, lock the device and then demand a ransom to unlock the device. 
GhostCtrl is based on [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":2753,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[18,63],"class_list":["post-2465","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-comodo-news","tag-antivirus-for-android","tag-free-antivirus"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/2465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=2465"}],"version-history":[{"count":10,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/2465\/revisions"}],"predecessor-version":[{"id":14996,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/2465\/revisions\/14996"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/2753"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=2465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=2465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=2465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}