GhostCat
The GhostCat malware is a particularly cunning threat as it operates without leaving any traces of its hazardous activity. Instead of infiltrating the device itself, the GhostCat threat works within the Web browser of the victim. The authors of the GhostCat malware have made sure that unless all the criteria set for the attack are met, the threat will not launch the attack. The GhostCat malware will check if the user is browsing any of the over one hundred websites, which are compatible with the threat.
Table of Contents
Propagated Via Advertisements
The GhostCat malware is propagated via various advertising networks. However, these ad networks are spreading the GhostCat threat unknowingly because the authors of this malware have made sure that the code of their creation is so heavily obfuscated that it will manage to bypass the security measures set up by the advertising companies. If you think you are safe because you have Adblock or similar service installed, think again – the GhostCat malware's obfuscated code is likely to remain under the radar of such services too.
Capable of Avoiding Sandbox Environments
To avoid malware debugging environments, the GhostCat threat runs a few tests to unearth whether it is being executed in a sandbox territory or a regular system. If the GhostCat threat spots any software linked to malware debugging, it will halt its activity immediately.
Capabilities
However, if the GhostCat determines that it has infiltrated a regular system, it will begin its attack, which is carried out in several steps:
- Determines whether the infiltrated host is an iPhone device or an Android device.
- Determines the geographical location of the victim based on their IP address.
- Determines the Web browser present on the device.
- Runs another test to make sure that the device is not used for malware debugging.
If all the GhostCat malware's criteria are met, the victim will be redirected to a URL that hosts bogus raffles and giveaways. It is likely that this is a tactic that is meant to trick users into giving away sensitive information such as credit card details or login credentials.
Advertising networks may not be propagating this threat intentionally, but this does not change the fact that the GhostCat threat is nonetheless being spread around the Web. Be mindful when viewing advertisements and avoid dodgy websites as they are more likely to bring harm to you and your system. Make sure you have an anti-malware tool and do not forget to update it regularly.
