print   email   Share

GhostCtrl Malware Targets Mobile Phones And Presents Risk To Family And Staff

New malware called "GhostCtrl" hides behind popular apps, tricking users into thinking it is legitimate. It then takes control of a victim's phone and can secretly record with the phone's camera.

The malware targets Android smartphone users. Researchers have found three strains—one restricts the phone's functions and collects data; a second can freeze the phone; and a third does both. Experts believe cybercriminals will continue to develop more strains of this particular malware to pose even more threats.

As it stands, GhostCtrl "can root a device, control its vibrate function, delete and rename files, download photos, use the text-to-speech feature, send text messages to specific phone numbers, delete text messages, make phone calls, record video and audio, delete browser history, open apps without permission, and spy on a user's call history, contacts, phone numbers, location, battery status, Bluetooth data and more."

GhostCtrl tricks users into thinking it is one of a number of popular smartphone apps, including App, MMS, WhatsApp, and Pokemon GO. The amount of data GhostCtrl steals is extensive compared to similar types of Android malware. Abigail Elise "Terrifying Android malware can record audio and video, spy on devices," (Jul. 19, 2017).

Commentary and Checklist

GhostCtrl is yet another malware in a series that targets Android users. Family employers who use Android products or have staff who use them at work or within the family home must take extra caution.

Family employers must stress to staff members, who use their phones or phones proved by the family employer, to remain updated on all security to prevent malware; to restrict user permission to prevent unauthorized access and app installation; to use a firewall or mobile security app; and to back up data in case of freezing or data loss.

No matter what device or computer you use, the following steps can help protect you from all forms of malware:

  • Install security software, including anti-virus and anti-spyware software, and a firewall, on all computers and devices.
  • Set your security software, internet browser, and operating system to update automatically.
  • Do not click on any links or open any attachments sent in emails unless you are certain what it is-even if the email is sent from someone you know, a hacker could have accessed the person's email account.
  • Only download and install software from trusted websites, and avoid downloading free online software.
  • Set your browser's security setting to detect unauthorized downloads.
  • Never click on any links in a pop-up window, and always close it by clicking the "X" in the title bar. Install a pop-up blocker on your computer.
  • Never download software in response to an unexpected pop-up, especially if it claims to have detected malware on your computer.
  • Tell others using your devices, including staff and children, about how to avoid malware.
  • Back-up your data regularly to prevent lost data if your computer or device is infected with malware and crashes.
  • Use passphrases or strong passwords on all devices and accounts, and avoiding sharing files or access to your devices with people you do not know.
Finally, your opinion is important to us. Please complete the opinion survey: