Over the last few months, ransomware names like WannaCry, Petya and NotPetya have been dominating the cybersecurity headlines.
Now, there is another one you need to be aware of:
Meet GhostCtrl, a new type of Android Remote Access Trojan (RAT) that locks mobile devices by resetting personal identification numbers.
GhostCtrl was recently used as part of a large cyberattack against multiple Israeli healthcare companies. The group behind the attack equipped a GhostCtrl RAT with another tool called OmniRAT, which is capable of attacking four major operating systems: Android, Mac OS, Linux and Windows.
This dangerous form of mobile ransomware can hurt your business in many different ways.
Here are its confirmed features:
“Ability to root infected Android devices
Communicates with a remote C&C server
Control the Wi-Fi state
Monitor the phone sensors in real time
Set phone's UiMode, like night mode/car mode
Control the vibrate function, including the pattern and when it will vibrate
List the file information in the current directory and upload it to the C&C server
Delete a file in the indicated directory
Rename a file in the indicated directory
Upload a desired file to the C&C server
Download pictures as wallpaper
Create an indicated directory
Use the text to speech feature
Send SMS/MMS to a number specified by the attacker
Intercept SMS messages from phone numbers specified by the attacker
Call a phone number indicated by the attacker
Record voice or audio, then upload it to the C&C server at a certain time
Delete browser history
Control the system infrared transmitter
Run a shell command specified by the attacker and upload the output result
Collect call logs, SMS records, contacts, phone numbers, SIM serial number, location, browser bookmarks, Android OS version, username, Wi-Fi details, battery status, Bluetooth info, audio states, UiMode, service processes, activity information, clipboard data, wallpaper images, data from the camera, sensors, the browser, and searches, and many more.”
The following abilities are not common to most Android RATs. However, they were discovered in the GhostCtrl RAT:
“Clear/reset the password of an account specified by the attacker
Configure the phone to play different sound effects
Set specific content in the Clipboard
Control the Bluetooth to search and connect to another device
Set the accessibility to TRUE and terminate an ongoing phone call”
For more information about GhostCtrl, check out BleepingComputer.
To learn more about how Apex Technology Services can help keep your business safe from this type of threat, click here.
A new breed of hacktrepreneurs has awoken, and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying and more time growing your business.
To ensure your security, consider one of our most popular services — Auditing & Documentation — which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.