A sophisticated Android spyware campaign targeting individuals in Pakistan has been uncovered, using romance scam tactics as a lure. The malicious app, named GhostChat, poses as a chat platform with fake female profiles, requiring hardcoded passcodes to access. Once installed, it enables covert surveillance and data exfiltration. The campaign is part of a broader spy operation, including a ClickFix attack compromising victims' computers and a WhatsApp device-linking attack gaining access to victims' accounts. These related attacks used websites impersonating Pakistani governmental organizations. The threat actor employs multiple tactics across mobile and desktop platforms, blending social engineering, malware delivery, and espionage techniques.