A new Android malware family, GhostChat, is actively targeting messaging app users by distributing malicious APKs that mimic popular chat tools, including WhatsApp. Once installed, the malware injects malicious code into the app process to intercept messages, harvest credentials, and exfiltrate contact lists and media. Its ability to operate within the context of trusted messaging apps allows it to blend with normal user activity, complicating traditional detection. The emergence of GhostChat underscores how mobile communication platforms remain high-value targets for attackers, emphasizing the need for verified app sources, minimal permissions, and real-time anomaly detection on mobile endpoints.
Read the full report here.