GhostSpy Android Malware Uses Accessibility Services for Banking App Hijacking and Device Takeover

GhostSpy Android malware uses a dropper APK that exploits Accessibility Services to silently install a secondary payload, gaining Device Admin rights and extensive privileges. It connects to the C2 servers stealth.gstpainel.fun, 37.60.233.14, and gsttrust.org for remote control, data theft, and banking app UI reconstruction. It features anti-uninstall mechanisms and screen overlays for persistence.

Indicators of Compromise (IoCs)

APK Hash: e9f2f6e47e071ed2a0df5c75e787b2512ba8a601e55c91ab49ea837fd7a0fc85 (Dropper APK hash, SHA-256)
APK Hash: 73e647287408b2d40f53791b8a387a2f7eb6b1bba1926276e032bf2833354cc4 (Payload APK hash, SHA-256)
C2 Domain: stealth.gstpainel.fun (Command and control exfiltration domain)
C2 IP: 37.60.233.14 (Command and control server IP address)
C2 Domain: gsttrust.org (Secondary C2 exfiltration domain)
Payload File: update.apk (Secondary payload filename)
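
Added example, not part of the original video description: one way to sweep DNS or proxy logs for the network indicators listed above without the misses and false positives of plain substring matching. The three-field log format and the sample lines are constructed for illustration, and matching subdomains of the listed domains is a defender's choice, not something the report states.

```python
import ipaddress

# Network indicators copied from the IoC list above.
C2_DOMAINS = {"stealth.gstpainel.fun", "gsttrust.org"}
C2_IPS = {ipaddress.ip_address("37.60.233.14")}

# Constructed sample log (assumed format): "<timestamp> <client_ip> <destination>"
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.21 www.example.com
2025-01-01T10:00:02Z 10.0.0.21 Stealth.GSTpainel.fun.
2025-01-01T10:00:03Z 10.0.0.34 api.gsttrust.org
2025-01-01T10:00:04Z 10.0.0.34 notgsttrust.org
2025-01-01T10:00:05Z 10.0.0.34 gsttrust.org.example.net
2025-01-01T10:00:06Z 10.0.0.55 37.60.233.14
2025-01-01T10:00:07Z 10.0.0.55 37.60.233.140
malformed line
"""

def match_indicator(dest):
    """Return the matched IoC for a destination (hostname or IP), or None."""
    # Normalise: DNS names are case-insensitive and may carry a trailing dot.
    dest = dest.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(dest)
        return str(ip) if ip in C2_IPS else None  # exact IP match only
    except ValueError:
        pass  # not an IP literal, treat as a hostname
    # Compare whole label suffixes so that api.gsttrust.org matches but
    # notgsttrust.org and gsttrust.org.example.net do not.
    labels = dest.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in C2_DOMAINS:
            return candidate
    return None

def scan(log_text):
    """Return (timestamp, client, destination, matched_ioc) for each hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not fit the assumed format
        ts, client, dest = fields
        ioc = match_indicator(dest)
        if ioc:
            hits.append((ts, client, dest, ioc))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The client address in each hit identifies the device to triage.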
#GhostSpy #AndroidMalware #AccessibilityServices #DeviceAdmin #CYFIRMA #BankingMalware #C2Infrastructure #RemoteAccessTrojan #MobileSecurity #DataTheft #SMSInterception #GPSTracking #UIAutomation #ScreenOverlay #AntiUninstall #CyberSecurity #InfoSec #Malware #CyberThreats #YouTubeShorts #TechNews #CyberAlert #SecurityBreach #TechShorts #InfoSecNews #MobileThreat

Video "GhostSpy Android Malware Uses Accessibility Services for Banking App Hijacking and Device Takeover" from the channel Secure Thread