{"id":22863,"date":"2025-08-08T08:00:00","date_gmt":"2025-08-08T11:00:00","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=22863"},"modified":"2025-08-02T20:52:44","modified_gmt":"2025-08-02T23:52:44","slug":"trojan-direcionado-a-celulares-android","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/08\/exploits\/trojan-direcionado-a-celulares-android\/","title":{"rendered":"Trojan targeting Android phones"},"content":{"rendered":"\n<p data-start=\"44\" data-end=\"127\"><strong data-start=\"44\" data-end=\"127\">GhostSpy: new trojan targeting Android phones exploits PIX and steals data<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"129\" data-end=\"166\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Zenox, a security company, identified a scheme in Brazil involving an Android trojan called <strong data-start=\"101\" data-end=\"113\">GhostSpy<\/strong>, nicknamed the \u201cPIX virus\u201d, which has become available as a service (<em data-start=\"185\" data-end=\"207\">malware-as-a-service<\/em>) and focuses on sophisticated attacks against Android users. 
Control is managed through a web panel, with contracts that impose a fine of up to R$\u202f100 thousand for misuse.<\/span><\/p>\n<p data-start=\"129\" data-end=\"166\">\u00a0<\/p>\n<p data-start=\"173\" data-end=\"222\"><strong data-start=\"173\" data-end=\"222\">GhostSpy's mode of operation and infrastructure<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"224\" data-end=\"261\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">GhostSpy is distributed as a <strong data-start=\"39\" data-end=\"56\">malicious APK<\/strong> disguised as a receipt, certificate or delivery app, targeting the Brazilian public. After installation, the malware uses <strong data-start=\"189\" data-end=\"230\">Android accessibility services<\/strong> to automatically promote itself to device administrator, granting itself full permissions, including access to the screen, SMS and camera.<\/span><\/p>\n<p data-start=\"224\" data-end=\"261\">\u00a0<\/p>\n<p data-start=\"268\" data-end=\"309\"><strong data-start=\"268\" data-end=\"309\">Main features of the malware<\/strong><\/p>\n<p data-start=\"311\" data-end=\"348\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">GhostSpy gives the operator full control of the infected device:<\/span><\/p>\n<ul data-start=\"350\" data-end=\"589\">\n<li data-start=\"350\" data-end=\"389\">\n<p style=\"text-align: justify;\" data-start=\"352\" data-end=\"389\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"54\" data-is-only-node=\"\">Remote screen monitoring and touch simulation<\/strong>, including screen overlays to hide activity;<\/span><\/p>\n<\/li>\n<li data-start=\"390\" data-end=\"429\">\n<p data-start=\"392\" data-end=\"429\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"36\" data-is-only-node=\"\">Keystroke logging (keylogging)<\/strong> to capture passwords, messages and OTPs;<\/span><\/p>\n<\/li>\n<li data-start=\"430\" data-end=\"469\">\n<p data-start=\"432\" data-end=\"469\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"27\" data-is-only-node=\"\">Theft of personal data<\/strong> such as contacts, photos, call logs and SMS;<\/span><\/p>\n<\/li>\n<li data-start=\"470\" data-end=\"509\">\n<p data-start=\"472\" data-end=\"509\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"48\" data-is-only-node=\"\">Remote audio recording and photo capture<\/strong>;<\/span><\/p>\n<\/li>\n<li data-start=\"510\" data-end=\"549\">\n<p data-start=\"512\" data-end=\"549\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\"><strong data-start=\"0\" data-end=\"31\" data-is-only-node=\"\">Location tracking<\/strong> in real time;<\/span><\/p>\n<\/li>\n<li data-start=\"550\" data-end=\"589\">\n<p style=\"text-align: justify;\" data-start=\"552\" data-end=\"589\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">File manipulation, sending of phishing SMS and data exfiltration to controlled servers.<\/span><\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"591\" data-end=\"670\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors 
duration-100 ease-in-out\">This combination of advanced espionage and persistence makes GhostSpy extremely dangerous and difficult to remove, even in modern Android environments<\/span>.<\/p>\n<p data-start=\"591\" data-end=\"670\">\u00a0<\/p>\n<p data-start=\"677\" data-end=\"714\"><strong data-start=\"677\" data-end=\"714\">Persistence and detection evasion<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"716\" data-end=\"795\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">GhostSpy adopts sophisticated evasion techniques: screen overlays prevent interaction, fake warnings block uninstallation via settings, and the application hides itself from the list of installed apps. In addition, it bypasses protections such as <strong data-start=\"252\" data-end=\"275\">Google Play Protect<\/strong> and employs techniques to circumvent restrictions in banking apps, capturing protected graphical interfaces through visual reconstruction (skeleton view)<\/span>.<\/p>\n<p data-start=\"716\" data-end=\"795\">\u00a0<\/p>\n<p data-start=\"802\" data-end=\"849\"><strong data-start=\"802\" data-end=\"849\">Specific risks for users and companies<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"851\" data-end=\"1218\">GhostSpy can capture SSA authentication codes (such as Google or Microsoft Authenticator), monitor PIX transactions in real time and extract banking credentials. 
For companies, this risk multiplies if corporate devices are infected: sensitive data, internal communications and financial resources can be exfiltrated or used for fraud.<\/p>\n<p data-start=\"851\" data-end=\"1218\">\u00a0<\/p>\n<p data-start=\"1225\" data-end=\"1271\"><strong data-start=\"1225\" data-end=\"1271\">Mitigations and mobile defense best practices<\/strong><\/p>\n<ul data-start=\"1273\" data-end=\"1752\">\n<li data-start=\"1273\" data-end=\"1322\">\n<p data-start=\"1276\" data-end=\"1322\">Avoid installing APKs from outside the official stores;<\/p>\n<\/li>\n<li data-start=\"1323\" data-end=\"1424\">\n<p data-start=\"1326\" data-end=\"1424\">Do not grant <strong data-start=\"1352\" data-end=\"1394\">Accessibility or Device Admin<\/strong> permissions without full trust in the app;<\/p>\n<\/li>\n<li data-start=\"1425\" data-end=\"1476\">\n<p data-start=\"1428\" data-end=\"1476\">Regularly review apps with extensive access;<\/p>\n<\/li>\n<li data-start=\"1477\" data-end=\"1562\">\n<p data-start=\"1480\" data-end=\"1562\">Use <strong data-start=\"1500\" data-end=\"1531\">Mobile Threat Defense (MTD)<\/strong> solutions with behavioral detection;<\/p>\n<\/li>\n<li data-start=\"1563\" data-end=\"1642\">\n<p data-start=\"1566\" data-end=\"1642\">Be suspicious of links or files sent via SMS, WhatsApp or Telegram;<\/p>\n<\/li>\n<li data-start=\"1643\" data-end=\"1752\">\n<p style=\"text-align: justify;\" data-start=\"1646\" data-end=\"1752\">If you suspect an infection, immediately take the phone off the network and consult specialized technical support.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p data-start=\"1759\" data-end=\"1772\"><strong data-start=\"1759\" data-end=\"1772\">Conclusion<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1774\" data-end=\"2127\">GhostSpy represents a worrying evolution in the Android malware landscape: its SaaS approach democratizes access to espionage and fraud tools for less skilled actors. Its combination of adversarial automation, persistence and full remote control turns any infected device into a vector for sophisticated malicious activity.<\/p>\n<p style=\"text-align: justify;\" data-start=\"2129\" data-end=\"2549\">To protect users and organizations, it is essential to adopt a proactive security posture: restricting sensitive permissions, using effective mobile security solutions, educating employees and monitoring corporate devices. In a context where the smartphone is an extension of professional and personal life, GhostSpy serves as a warning about the invisible dangers that can arise from a single mistaken tap.<\/p>\n<p>\u00a0<\/p>\n<p data-start=\"2556\" data-end=\"2571\"><strong>Bibliographic References:\u00a0<\/strong><\/p>\n<ul data-start=\"2573\" data-end=\"3391\">\n<li data-start=\"2573\" data-end=\"2946\">\n<p data-start=\"2576\" data-end=\"2946\">Adriano Camacho. <em data-start=\"2593\" data-end=\"2668\">Novo &#8216;V\u00edrus do Pix&#8217;, GhostSpy foca ataques em celulares Android no Brasil<\/em>. TecMundo (31 Jul.\u202f2025). Available at: <a class=\"\" href=\"https:\/\/www.tecmundo.com.br\/seguranca\/406080-novo-virus-do-pix-trojan-ghostspy-foca-ataques-em-celulares-android.htm\" target=\"_blank\" rel=\"noopener\" data-start=\"2710\" data-end=\"2946\">https:\/\/www.tecmundo.com.br\/seguranca\/406080\u2011novo\u2011virus\u2011do\u2011pix\u2011trojan\u2011ghostspy\u2011foca\u2011ataques\u2011em\u2011celulares\u2011android.htm<\/a><\/p>\n<\/li>\n<li data-start=\"2948\" data-end=\"3391\">\n<p data-start=\"2951\" data-end=\"3391\">CYFIRMA. <em data-start=\"2960\" data-end=\"3071\">GhostSpy Web-Based Android RAT: Advanced Persistent RAT with Stealthy Remote Control and Uninstall Resistance<\/em> (22 May\u202f2025). Available at: <a class=\"cursor-pointer\" href=\"https:\/\/www.cyfirma.com\/research\/ghostspy-web-based-android-rat-advanced-persistent-rat-with-stealthy-remote-control-and-uninstall-resistance\/\" target=\"_blank\" rel=\"noopener\" data-start=\"3103\" data-end=\"3391\">https:\/\/www.cyfirma.com\/research\/ghostspy-web-based-android-rat-advanced-persistent-rat-with-stealthy-remote-control-and-uninstall-resistance\/<\/a><\/p>\n<\/li>\n<\/ul>\n\n\n\n\n","protected":false},"excerpt":{"rendered":"<p>GhostSpy: new trojan targeting Android phones exploits PIX and steals data Zenox, a security company, identified a scheme in Brazil involving an Android trojan called GhostSpy, nicknamed the \u201cPIX virus\u201d, which has become available as a service (malware-as-a-service) and focuses on sophisticated attacks against Android users. 
Control is managed through [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":22866,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-22863","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=22863"}],"version-history":[{"count":2,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22863\/revisions"}],"predecessor-version":[{"id":22865,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22863\/revisions\/22865"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/22866"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=22863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=22863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=22863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}