Adult backdoor passwords
Given that it’s a RAT as a service, this can be modified (or removed) during compilation.
When the app is launched, it base64-decodes a string from the resource file and writes out the result, which is actually the malicious Android Application Package (APK).
The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought, at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device.
We've named this Android backdoor Ghost Ctrl because it can stealthily control many of the infected device's functionalities. Ghost Ctrl was hosted in RETADUP's C&C infrastructure, and the samples we analyzed masqueraded as legitimate or popular apps, using the names App, MMS, whatsapp, and even Pokemon GO.