GhostSpy Web-Based Android RAT : Advanced Persistent RAT with Stealthy Remote Control and Uninstall Resistance www.cyfirma.com/research/…

In this report, we analyze a high-risk Android malware variant that leverages advanced evasion, persistence, and surveillance techniques to achieve full control over infected devices.

The main payload provides comprehensive control over the device, enabling keylogging, screen capture, background audio and video recording, SMS and call log theft, GPS location tracking, and remote command execution. It abuses Device Admin APIs to entrench itself deeply in the system and employs anti-uninstall tactics, including system dialog hijacking and full-screen overlay obfuscation, making it extremely persistent and nearly impossible to remove through conventional means. Critically, the malware also bypasses banking app screen-mirroring protection using a skeleton view reconstruction method, which harvests the full UI layout of protected applications.
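As an added example that is not part of the CYFIRMA report, the following Python script statically triages a decoded AndroidManifest.xml for the capability combination described above (a Device Admin receiver, an Accessibility service, overlay permission, and surveillance permissions). The permission-to-capability mapping and the sample manifest are constructed assumptions for illustration, not indicators taken from the report.

```python
import xml.etree.ElementTree as ET
A = "{http://schemas.android.com/apk/res/android}"  # Android XML namespace prefix

# Permission -> capability named in the report (mapping is an editor's assumption).
PERMISSION_CAPABILITIES = {
    "android.permission.SYSTEM_ALERT_WINDOW": "full-screen overlay obfuscation",
    "android.permission.RECORD_AUDIO": "background audio recording",
    "android.permission.CAMERA": "background video recording",
    "android.permission.READ_SMS": "SMS theft",
    "android.permission.READ_CALL_LOG": "call log theft",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location tracking",
}
# A receiver/service guarded by one of these binder permissions is a Device Admin
# receiver or an Accessibility service, the two hooks the described techniques rely on.
COMPONENT_CAPABILITIES = {
    "android.permission.BIND_DEVICE_ADMIN": "Device Admin entrenchment",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility-based keylogging / UI harvesting",
}

def triage_manifest(xml_text: str) -> dict:
    """Parse a decoded AndroidManifest.xml and list the RAT-like capabilities it declares."""
    root = ET.fromstring(xml_text)
    found = set()
    for perm in root.iter("uses-permission"):
        if perm.get(A + "name") in PERMISSION_CAPABILITIES:
            found.add(PERMISSION_CAPABILITIES[perm.get(A + "name")])
    for comp in list(root.iter("receiver")) + list(root.iter("service")):
        if comp.get(A + "permission") in COMPONENT_CAPABILITIES:
            found.add(COMPONENT_CAPABILITIES[comp.get(A + "permission")])
    return {"package": root.get("package"), "capabilities": sorted(found)}

def is_rat_like(report: dict) -> bool:
    """Flag the combination: Device Admin + Accessibility + overlay plus at least one surveillance capability."""
    caps = set(report["capabilities"])
    control = {"Device Admin entrenchment", "accessibility-based keylogging / UI harvesting",
               "full-screen overlay obfuscation"}
    return control <= caps and len(caps - control) >= 1

# Constructed sample manifest (not an artefact from the report) that declares the combination.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <service android:name=".A11yService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
```

Run `triage_manifest` on a manifest extracted with a tool such as apktool; `is_rat_like` is a triage heuristic, so treat a hit as a prompt for dynamic analysis rather than a verdict.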
