Ransomware Hits Whatsapp

3158 views

By Mark Phillips ¦ Blog.TotalAV.com ¦

Android users are being urged to remain vigilant when downloading apps, especially since a new form of ransomware has been discovered. GhostCtrl, a malicious software with the means to secretly record its users, is being spread by disguising itself as popular apps such as WhatsApp and Pokemon Go.

In addition to covertly capturing audio and video recordings, the malware can lock a device’s screen and its password. Once this has taken place, its unwitting user is unable to access their files, and is subsequently at the mercy of the attacker who can now impose a ransom.
Trend Micro, a computer security company who first discovered the cyber threat, has researched three versions of GhostCtrl, and has warned that future versions could grow and “evolve” in complexity.

“We’ve named this Android backdoor GhostCtrl as it can stealthily control many of the infected device’s functionalities,” security experts explained via Trend Micro’s blog. “The data GhostCtrl steals is extensive, compared to other Android info-stealers.
“Different kinds of sensitive, and to cybercriminals, valuable, information will be collected and uploaded. There are three versions of GhostCtrl. Based on the techniques each employed, we can only expect it to further evolve.”

As with similar strains of ransomware attacks, it is the user who can unknowingly expose their device to a cyber threat such as GhostCtrl. All it takes is for a seemingly harmless app – or fake version of a popular variety like Whatsapp – to be downloaded. And once the virus-laced app is installed, the device can then become exploited.

The malware, first discovered by computer security experts at McAfee, was being spread through phony apps on the Google Play store, with the infection found in Wallpapers Blur HD and Booster & Cleaner Pro.

GhostCtrl is the latest known cyber threat in an ever-building storm of ransomware attacks, with the exception of being specifically designed to infect Android devices. Users of the popular platform were recently warned about LeakerLocker, a ransomware that threatens to release a user’s private data to everyone in their contact list.

With the backdoor open to a device, such as a smartphone, the attacker can now carry out a range of activities, breaching privacy and stealing sensitive information. The phone’s camera and microphone can be compromised, with photos, text messages, contacts, web history, and call logs also accessible.