GhostTeam is an Android adware discovered by researchers at Avast and Trend Micro, found embedded in 53 applications previously available in the Google Play store including flashlight, QR code scanner, file cleaner, and social media video downloader apps. GhostTeam targets Facebook account credentials, is capable of downloading secondary malicious applications, and is used to generate illegal ad revenue for threat actors by displaying pop-up ads on the end users’ device. The majority of infected users appear to be in India, Indonesia, and Brazil. Google was notified and has since removed the malicious apps from the Play store.

Technical Details

  • Trend Micro provides technical analysis on GhostTeam here.     

Image Source: Trend Micro