October 2, 2023

Researchers have spotted an updated version of the Android GravityRAT spyware targeting WhatsApp backups.

GravityRAT is a remote access tool that has been observed since at least 2015. It was previously used in targeted attacks against India. The new variant of the malware is being distributed via two messaging apps called BingeChat and Chatico.

This particular variant, starting around August 2022, specifically aims at gaining unauthorized access to WhatsApp backups, potentially compromising sensitive personal information.

Advertisements

BingeChat and Chatico, available on the Google Play Store, were repurposed to carry out these malicious activities, evading initial suspicion. It indulges in extracting user data from compromised devices and remotely issuing commands to delete information.

Notably, the malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app.

The discovery of this campaign came after the company’s security researchers were alerted by MalwareHunterTeam, who shared the hash for a GravityRAT sample on Twitter.

This research was documented by researchers from ESET

Indicators of Compromise

  • 2B448233E6C9C4594E385E799CEA9EE8C06923BD
  • 25715A41250D4B9933E3599881CE020DE7FA6DC3
  • 1E03CD512CD75DE896E034289CB2F5A529E4D344
Tags:

Leave a Reply

You may have missed

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023

Exim Mail Transfer Server Vulnerabilities

September 30, 2023
%d bloggers like this: