ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app disguised as a chat service that routes conversations through WhatsApp. Behind the romance lure, the app’s primary function is to steal data from infected devices. ESET tracks the malware as GhostChat.

[Figure: GhostChat attack flow (Source: ESET)]

The same threat actor appears to be running a wider surveillance effort. This includes a ClickFix attack that compromises victims’ computers and a WhatsApp device-linking attack that provides access to victims’ WhatsApp accounts. These related activities relied on websites impersonating Pakistani government organizations as lures.

Victims downloaded GhostChat from unofficial sources and installed it manually. The app was never available on Google Play, and Google Play Protect, which is enabled by default, blocks it.

“This campaign employs a method of deception that we have not previously seen in similar schemes – fake female profiles in GhostChat are presented to potential victims as locked, with passcodes required to access them. However, as the codes are hardcoded in the app, this is just a social engineering tactic likely aimed to create the impression of exclusive access for the potential victims,” says












