There is a new player on the block for Android malware and it comes in the form of GhostCtrl; a silent malware that can record videos and audio from a user's device and then even seize control of the device for certain functions all without the user even knowing it is there.
GhostCtrl looks to be a variant of the commercially available OmniRAT malware and it comes in three distinct versions, One variant steals your personal information and makes use of a few minimal device functions, the second variant is more focused on device control. The third model combines the two and researched expect the malware to become more sophisticated as it spreads.
Once a user has downloaded something with GhostCtrl packed inside, install prompt after installing prompt will keep popping up until the user either completely reset the device, erasing the app in the process or gives in to the request. GhostCtrl connects to a home server that feeds it instructions on pre-infestation bases and once it is in it can do things like changing the device’s wallpaper, run a script in the background and return its results to the attacker, and download files.
GhostCtrl likes to pose as a popular or ubiquitous app archetype and particular apps and it comes in more prominent forms like a Pokemon Go clone. There have been no reports of infestations springing from Play Store app, but it is no secret that the Play Store is not entirely safe, so be careful about apps that you download by checking its permissions and metrics. Nonetheless installing apps that are not available on the Play Store is always a risky proposition.
