New Android Malware GhostCtrl Can Take Full Control Of Your Phone
- This Malware infects Android devices and it spreads via Apps like Whatsapp, MMS and even Pokeman GO.
- It steals Call Logs, SMS, Contacts, Location and more Mobile activities.
- It can access your Phone Camera or record Audio.
How it Infects?The APK forces the user to install the malicious app, when user tries to cancel the installation, the APK will keep displaying the prompt. According to report, When the app is launched, its base64-decodes a string from the resource file and writes it down, which is actually the malicious Android Application Package (APK).
The malicious APK, after dynamically clicked by a wrapper APK, will ask the user to install it. Avoiding it is very tricky: even if the user cancels the “ask for install page” prompt, the message will still pop up immediately. The malicious APK doesn’t have an icon. Once installed, a wrapper APK will launch a service that would let the main, malicious APK run in the background.
How To Protect?
- Always Keep the device updated: Android patching is fragmented and organizations may have custom requirements or configurations needed to keep the device updated, so enterprises need to balance productivity and security
- Apply the principle of least privilege—restrict user permissions for BYOD devices to prevent unauthorized access and installation of dubious apps
- Implement an app reputation system that can detect and block malicious and suspicious apps
- Deploy firewalls, intrusion detection, and prevention systems at both the endpoint and mobile device levels to preempt the malware’s malicious network activities
- Enforce and strengthen your mobile device management policies to further reduce potential security risks
- Employ encryption, network segmentation and data segregation to limit further exposure or damage to data
- Regularly back up data in case of device loss, theft, or malicious encryption.