Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan

ESET uncovered a targeted espionage campaign against users in Pakistan using a fake dating/chat Android app named GhostChat (Android/Spy.GhostChat.A) that lures victims with locked female profiles, exfiltrates device files and contacts to a C2, and redirects victims to attacker-controlled WhatsApp numbers; the same infrastructure also served ClickFix DLL payloads for Windows remote command execution and a QR-code WhatsApp-linking (GhostPairing) scheme. The report provides technical analysis, IoCs (hashes, domains, IPs), and MITRE ATT&CK mappings, noting manual sideloading distribution, hardcoded credentials and codes, continuous media/document monitoring, and C2-driven PowerShell execution on Windows.