The GhostCtrl malware is a threat designed to target Android devices. This threat is known to operate very silently and may remain on an infected host over a prolonged period without being spotted by the victim. The GhostCtrl Trojan may mask itself as a genuine component by naming itself ‘android.engine.’ This may mislead users and allow the threat to evade detection.
According to malware researchers, the GhostCtrl threat is likely propagated via:
- Bogus downloads.
- Fake social media accounts and pages.
- Fraudulent text messages.
- Dodgy applications hosted on third-party application stores.
When the GhostCtrl Trojan infiltrates a targeted Android device, it injects its components into it. As already mentioned, the threat gives its components a very generic name to avoid raising any red flags. Another self-preservation technique used by the GhostCtrl Trojan is a blank name and icon, which makes it much less likely that victims will notice anything out of the ordinary happening on their devices.
Next, the GhostCtrl threat establishes a connection with the attackers’ C&C (Command & Control) server. The GhostCtrl threat is a very feature-rich Trojan that allows its operators to:
- Change the wallpaper of the device.
- Use the text-to-speech feature.
- Access the sensors of the device.
- Send, read, and manage text messages.
- Take control over the mobile data and WiFi connections.
- Use the device’s microphone to record phone calls and other audio.
- Use the device’s camera to record video.
- Send remote commands.
- Use the device to call phone numbers selected by the attackers.
- Access directories and files and steal data from them.
The GhostCtrl threat is a very potent Trojan that can take over an Android device without its owner ever realizing that anything is wrong. However, although the GhostCtrl Trojan may trick users, it is unlikely to avoid detection by a reputable anti-malware application.
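The concealment traits described above (the ‘android.engine’ name, a blank name and icon) can also be checked for when reviewing a device's app inventory. The following is an added example, not code from the researchers or from any tool: the record fields (`package`, `label`, `has_icon`, `system`, `permissions`), the mapping of Android permissions to the listed capabilities, the threshold of three permissions, and the sample data are all assumptions made for illustration.

```python
# Added example: triage an app inventory for GhostCtrl-like concealment traits.
MASQUERADE_NAME = "android.engine"  # name the article says the Trojan uses

# Real Android permissions, mapped (as an assumption) to capabilities in the list above.
CAPABILITY_PERMS = {
    "android.permission.READ_SMS": "read text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "record video",
    "android.permission.CALL_PHONE": "place calls",
}

def triage(app):
    """Return the reasons this app record deserves manual review (empty if none)."""
    if app.get("system"):  # apps shipped in the system image are out of scope here
        return []
    reasons = []
    label = (app.get("label") or "").strip()
    if not label:
        reasons.append("blank app name")
    if not app.get("has_icon", True):
        reasons.append("no launcher icon")
    if MASQUERADE_NAME in app["package"].lower() or MASQUERADE_NAME in label.lower():
        reasons.append("uses the name " + MASQUERADE_NAME)
    caps = [CAPABILITY_PERMS[p] for p in app.get("permissions", []) if p in CAPABILITY_PERMS]
    # These permissions are common in legitimate apps, so report them only
    # next to a concealment trait; the threshold of 3 is an arbitrary choice.
    if reasons and len(caps) >= 3:
        reasons.append("broad access: " + ", ".join(caps))
    return reasons

def scan(inventory):
    return {a["package"]: r for a in inventory if (r := triage(a))}

# Constructed sample inventory (placeholder package names, not real device data).
SAMPLE = [
    {"package": "com.example.notes", "label": "Notes", "has_icon": True, "system": False,
     "permissions": ["android.permission.CAMERA"]},
    {"package": "placeholder.android.engine", "label": "", "has_icon": False, "system": False,
     "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS",
                     "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
                     "android.permission.CALL_PHONE"]},
    {"package": "com.example.dialer", "label": "Phone", "has_icon": True, "system": True,
     "permissions": ["android.permission.CALL_PHONE", "android.permission.READ_SMS"]},
]

if __name__ == "__main__":
    for pkg, why in scan(SAMPLE).items():
        print(pkg, "->", "; ".join(why))
```

A flagged record is a prompt for manual review, not a verdict; the traits checked here are not unique to GhostCtrl.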