Novel GhostSpy Android malware examined

GBHackers News reports that Android devices are at risk of being completely taken over by the newly emergent GhostSpy malware, which features sophisticated persistence, anti-detection, and surveillance mechanisms.

Attacks with GhostSpy begin with the delivery of a dropper APK that exploits Accessibility Services and UI automation to facilitate secondary payload injection, according to CYFIRMA researchers. After automating the approval of extensive device permissions and establishing command-and-control server communications, GhostSpy performs screen capturing, audio and video recording, SMS interception, and location tracking, while conducting financial transactions without user authorization. After pilfering personal documents, contacts, call logs, credentials, OTPs, and two-factor authentication codes, GhostSpy aggressively prevents its removal from infected systems by tracking the system UI and displaying bogus warning dialogs during uninstallation attempts. The threat posed by GhostSpy should be mitigated through stringent app whitelisting, consistent operating system updates, and mobile threat defense system implementation, as well as more comprehensive user education, said CYFIRMA.

