Watch out for the Android malware that snoops on your phone

Android users have a new strain of malware to worry about – one that sits in the background of infected devices and causes all kinds of trouble.

SophosLabs detects it as Andr/Dropr-FH, but others are calling it GhostCtrl. On the surface, it looks like a variant of OmniRAT, a remote admin tool for Android devices that’s available to the public. The damage this version can do includes:

  • Monitoring text messages, contacts, call logs, location, phone numbers and browsing history.
  • Logging the version of Android it infects, along with the battery level and Bluetooth details.
  • Recording audio and video.
  • Behaving like ransomware and locking up the victim’s files.

According to various press reports, the bad guys are distributing Andr/Dropr-FH via apps designed to look like legitimate apps such as Pokemon GO and WhatsApp.

For more on Android malware, check out our 2017 Malware Forecast.

SophosLabs first started detecting versions of the malware in April 2016, and updated customer protections against the latest variants on July 17. The lab has received just over 300 samples so far, though none appear to be coming from Google Play.

How to protect yourself

As noted above, Sophos customers are protected from this malware. Additionally, users can protect themselves by following this advice:

  • Stick to Google Play. It isn’t perfect, but Google does put plenty of effort into preventing malware from arriving in the first place, or purging it from the Play Store if it shows up. In contrast, many alternative markets are little more than a free-for-all where app creators can upload anything they want, and frequently do.
  • Consider using Sophos Mobile Security for Android, which is 100% free of charge.
  • Avoid apps with a low reputation. If no one knows anything about a new app yet, don’t install it on a work phone, because your IT department won’t thank you if something goes wrong.
  • Patch early, patch often. When buying a new phone model, check the vendor’s attitude to updates and the speed at which patches arrive. Why not put “faster, more effective patching” on your list of desirable features, alongside or ahead of hardware advances such as “cooler camera” and “funkier screen”?