The information stealing “RETADUP” worm that affected Israeli hospitals is just part of an attack as per security researchers. In fact, the impact of the attack turned out to be bigger than it was assumed to be. The attack is accompanied by an even more dangerous threat – an Android malware that can take over the device. The threat is detected by Trend Micro “ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA” and named as the Android backdoor GhostCtrl due to its ability to stealthily control many of the infected devices’ functionalities.
According to security researchers, there are three versions of GhostCtrl. The purpose of the first version is to steal information and control some of the device’s functionalities without obfuscation. In the second version, some features were added such as to hijack. The third version combines the best of the earlier versions’ features.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street