GhostGrab is an Android malware family, described by CyFirma as a new Android banking trojan that combines financial data theft with covert cryptocurrency mining. Reported capabilities include theft of banking credentials, payment card details, personal information, and broader data exfiltration, alongside covert Monero mining on infected devices. The available reporting characterizes it as using advanced persistence and stealth techniques. It is associated in the provided content with Android/mobile targeting; no specific threat actor attribution, victimology, infection vector, or indicators of compromise are provided in the source material.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
2 distinct techniques documented for this family, organized by ATT&CK tactic.
4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Tags:apk GhostGrab HCE Herodorus KYC malware NFC Tab-and-Steal YNRK
Android malware that combines covert Monero cryptocurrency mining with theft of financial credentials.
GhostGrab is a new Android banking trojan that also has capabilities for information stealing and cryptomining.
Android malware that combines covert cryptocurrency mining with data exfiltration, stealing banking credentials, payment card details, and personal information.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.