GhostCtrl malware for Android records you and reads your messages

Trend Micro has discovered malicious software for Android that can record audio and video captured from your device, read your text messages, and view your calls, Neowin reported.

Calling it GhostCtrl, Trend Micro reported that the malware is a variant of a publicly-available remote administration tool for Android called OmniRAT.

In addition to spying on targets, GhostCtrl can ultimately become ransomware. It can lock the screen, reset the password, root the device, and steal sensitive information.

The malware appears to be part of an attack against Israeli hospitals where an information stealing worm called RETADUP was recently discovered.

Trend Micro said it found three variants of GhostCtrl.

“The first stole information and controlled some of the device’s functionalities without obfuscation, while the second added more device features to hijack,” Trend Micro reported.

“The third iteration combines the best of the earlier versions’ features—and then some. Based on the techniques each employed, we can only expect it to further evolve.”

The latest version of the exploit includes the capabilities to track your location and monitor your browsing history.

Trend Micro offered the following general advice for users and enterprises to avoid infection by malicious software such as GhostCtrl:

Keep devices updated.
Regularly back up data in case of device loss, theft, or malicious encryption (i.e. ransomware infection).
Apply the principle of least privilege—restrict user permissions for staff’s own devices to prevent unauthorised access and installation of dubious apps.
Implement an app reputation system that can detect and block malicious and suspicious apps.
Employ encryption, network segmentation, and data segregation to limit further exposure or damage to data.