Back in November of 2015, an Android backdoor called OmniRAT (the ‘RAT’ stands for ‘Remote Administration Tool’) was being sold on the internet for as little as $25. Despite the low price, OmniRAT was shockingly dangerous in that it can take control of Windows, Linux, and Mac systems with the touch of a button. Infection gave attackers access to a user’s data, permission to silently record audio or video and take screenshots, as well as an easy way to spread via a user’s contacts list.
As of today, OmniRAT is making a comeback in the form of GhostCtrl, which is basically OmniRAT in a newly obfuscated wrapper. Using its new wrappers, GhostCtrl (which is only targeting Android mobile devices – a departure from the original OmniRAT) masquerades as any number of legitimate apps including (but not limited to) WhatsApp or Pokemon GO. This façade of legitimacy, combined with over 200 variations and infection that’s as easy as clicking the install link (even if you try to cancel afterwards), is making this malware hard to stop across unprotected mobile devices.
In addition to infection among consumers, GhostCtrl was also recently used in a coordinated attack against Israeli hospitals. This continues to illustrate that healthcare has become an increasingly attractive target for attackers, due to the wealth of personal information that can be obtained from a successful attack. In fact, we’ve even explored this pattern before in our Healthcare Threat Report. All of this reinforces the urgency for healthcare (and other sensitive industries like finance, oil and gas, manufacturing, hospitality, etc.) to deploy proper mobile threat defense solutions to protect their end users’ mobile devices.
We are happy to report that Skycure successfully detects and blocks all known strains of GhostCtrl from infecting a user’s mobile device, thus keeping our customers and consumers safe from this dangerous malware. If you’d like to speak with one of our malware prevention and mitigation experts immediately, please drop us a line and we’ll get back to you ASAP.