Skip to Content

Fake messaging app can secretly record you and steal your information

Lately, it seems like cybercriminals have been turning their attention to popular messaging apps to trick users into installing malicious software or worse, giving away their sensitive information.

Just recently, we reported about a WhatsApp phishing campaign that’s designed to steal your information and your hard-earned cash.

And it looks like that’s not the only devious scam going around this week. In fact, the latest malware that’s piggybacking the messaging app’s popularity can inflict more harm and do far worse damage to its victims.


GhostCtrl is a newly discovered Android malware that’s being spread around disguised as popular apps like WhatsApp and Pokemon Go.

Revealed by security researchers at Trend Micro, the malicious app opens a backdoor on your phone and is capable of secretly recording audio and video and resetting your phone’s password, locking you out of your phone.

It can also monitor your phone activity and steal your personal data like photos, call logs, text messages, contacts, browser history and even install ransomware.

“We’ve named this Android back door GhostCtrl, as it can stealthily control many of the infected device’s functionalities,” Trend Micro wrote in a blog post.

It appears to be based on multi-platform malware OmniRAT, a spying tool for Windows, Mac, Linux, and Android, but GhostCtrl was designed solely for infecting Android gadgets. It is also part of the bigger RETADUP data theft worm campaign that targeted two Israeli hospitals last month.

So far, three versions of GhostCtrl have been detected with more advanced hijacking features added for each newer variant. The researchers said that the malware is likely to gain more functionality in future versions.

Users can be infected by downloading fake versions of legitimate apps like WhatsApp and Pokemon Go from third-party app sources. When opened, the malware installs a malicious package that can take over your device while opening a backdoor connection to its command and control server.

Click here to read Trend Micro’s blog post.

Protect yourself

To prevent your Android gadget from GhostCtrl infections and other malware attacks in general, avoid downloading and installing apps and APK packages from third-party sources. Only download apps from the official Google Play app store and make sure you check user reviews, too before installing.

Also, keep your device updated with the latest security updates and turn on data encryption for your phone.

Additionally, keep regular backups of your data to protect against sudden data loss or ransomware. For cloud-based Android backups, we recommend using our sponsor IDrive.

Go to and use promo code Kim to receive an exclusive offer.

More from

How to detect a virus on your Android

New ransomware threatens to share your private messages, images and browsing history with friends and family

Malware stealing data from more than 40 popular apps

Stop robocalls for good with Kim’s new eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook