Ransomware Hits Whatsapp
By Mark Phillips ¦ Blog.TotalAV.com ¦
Android users are being urged to remain vigilant when downloading apps, especially since a new form of ransomware has been discovered. GhostCtrl, a malicious software with the means to secretly record its users, is being spread by disguising itself as popular apps such as WhatsApp and Pokemon Go.
In addition to covertly capturing audio and video recordings, the malware can lock a device’s screen and its password. Once this has taken place, its unwitting user is unable to access their files, and is subsequently at the mercy of the attacker who can now impose a ransom.
Trend Micro, a computer security company who first discovered the cyber threat, has researched three versions of GhostCtrl, and has warned that future versions could grow and “evolve” in complexity.
“Different kinds of sensitive, and to cybercriminals, valuable, information will be collected and uploaded. There are three versions of GhostCtrl. Based on the techniques each employed, we can only expect it to further evolve.”
The malware, first discovered by computer security experts at McAfee, was being spread through phony apps on the Google Play store, with the infection found in Wallpapers Blur HD and Booster & Cleaner Pro.
GhostCtrl is the latest known cyber threat in an ever-building storm of ransomware attacks, with the exception of being specifically designed to infect Android devices. Users of the popular platform were recently warned about LeakerLocker, a ransomware that threatens to release a user’s private data to everyone in their contact list.
With the backdoor open to a device, such as a smartphone, the attacker can now carry out a range of activities, breaching privacy and stealing sensitive information. The phone’s camera and microphone can be compromised, with photos, text messages, contacts, web history, and call logs also accessible.