ghostad
GhostAd is an Android adware campaign that leveraged over 15 apps distributed via the official Google Play Store to run persistent background advertisements. The campaign focused on draining device resources and generating fraudulent ad revenue. The apps used legitimate ad SDKs in a manner that violated fair-use policies, enabling stealthy and persistent ad delivery. GhostAd primarily targeted users in the Philippines, Pakistan, and Malaysia, with millions of downloads attributed to the malicious apps. There is no evidence in the provided content linking GhostAd to a nation-state or advanced persistent threat (APT) group; it is characterized as a financially motivated cybercrime operation focused on ad fraud and resource abuse. No known aliases or sub-groups are mentioned in the available information.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
GhostAd is an Android adware campaign using popular apps to create persistent background advertising engines, draining device resources and generating fraudulent ad revenue.
GhostAd is an Android adware campaign that continues to evade detection and is present on the official Play Store.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.