New trends have emerged in the world of cybercrime. Criminals are no longer distributing one type of malware, but rather actively look for more potent combinations. One way to do so is to bundle multiple types of malware into one email attachment. Another option is doing what GhostCtrl does, and build a tool which serves as both a RAT and ransomware.
Remote Access Trojans, or RATs, are nothing new. This particular type of malware has been around for nearly a decade and gives criminals backdoor access to infected devices. These attack computers and entire company networks to steal information, install additional malicious software, and perform other nefarious purposes. Moreover, this threat is slowly emerging on the Android mobile operating system as well.
A new Android RAT has been discovered named GhostCtrl. When dealing with remote access, Trojans are annoying enough, but GhostCtrl has another trick up its sleeve. Not only does it lock mobile devices by resetting PIN codes and stealing information, but it doubles as mobile ransomware. Victims see a ransom note on their device once it has been infected by the RAT.
Luckily, it appears GhostCtrl is not actively distributed as
ransomware right now. The number of infections to date have all entailed this malware stealing data from infected devices, including text messages, contacts, etc. Researchers have obtained at least one working sample of the malware, and its source code hints at future ransomware capabilities. That is a rather worrisome prospect, as mobile ransomware has not represented a particularly large market to this point.What makes the remote access Trojan component so troublesome is that it is based on another existing piece of malware. OmniRAT can attack devices running one of four major operating systems. This particular RAT can target Android, MacOS, Linux, and Windows devices alike, making it one of the most credible cyber threats to date. It appears GhostCtrl is based on OmniRAT and created by developers who access this tool through a well-known malware-as-a-service darknet portal.
Although GhostCtrl has not been used as a ransomware component just yet, its Android malware component packs a lot of powerful features. For instance, it can root infected devices, control vibrate functions, delete and rename files, send SMS and MMS messages, and intercept communications. All of this is done on top of its data collection capabilities which target call logs, SMS records, phone numbers, usernames, passwords, and camera data.
GhostCtrl is one of the first iterations of dual-approach malware contained in one package. Although this RAT targets Android systems first and foremost, the underlying code shows it can easily be ported to other operating systems as well. These combined malware packages will ultimately lead to more cyber threats, ransomware infections, and IoT-based DDoS attacks.
Shiba Inu (SHIB) gave enormous returns in 2021, making many early holders millionaires. After the…
Spooky season might be over but doom is still looming as Ripple’s XRP falls below…
Three promising altcoins are causing a stir among investors this November: Avalanche (AVAX), Cardano (ADA),…
Everyone knows what the hottest crypto can do. When it was so hot it was…
The Tron network has witnessed incredible growth in several areas, especially in its adoption, which…
Recently, major $PEPE holder Flow Traders transferred 520 billion $PEPE tokens—worth approximately $4.73 million—from address…