New Android malware steals data, records audio and video, infects phone with ransomware

29 Jul 2017

A new piece of malware, reported to be the most advanced Android information-stealer, allows hackers to open a backdoor in order to monitor data, steal information, record audio and video, and even infect the phone with ransomware.

The malware, called GhostCtrl, can stealthily control many of the infected device's functions.

According to researchers, this was only the beginning, as the malware could evolve and pose a bigger threat.

According to experts, the new malware appeared to be based on OmniRAT, a form of spying software that can allow hackers full remote control of devices running Windows, Mac, Linux, and Android. But unlike its apparent predecessor, GhostCtrl is purely Android-focused.

Mobile devices are attracting greater attention from cybercriminals and those conducting espionage, not only due to the information that can be gained on every aspect of a target's life but also because the device will almost always be with them.

The malware was discovered by researchers at Trend Micro, and is part of a wider campaign targeting Israeli hospitals with the information-stealing Windows RETADUP worm.

According to experts, the mobile arm of the attack represented an even more dangerous threat to victims.

In total, three versions of GhostCtrl are on the prowl: one version steals information and controls some of the device's functions; version two adds more features to hijack; and the third version combines the most advanced capabilities of previous incarnations while adding further malicious capabilities.

Meanwhile, Android devices have become vulnerable to Lipizzan, a new spyware family that allows hackers to record through a victim's device microphone, snap photos with their camera, take screenshots, exfiltrate SMS messages, and steal data from a long list of apps.

The spyware was first discovered by security researchers at Google, who detailed their findings in a Wednesday blog post.

The researchers came to know about Lipizzan while they were investigating another spyware called Chrysaor.