We were alerted to this campaign by MalwareHunterTeam, which shared the hash for a GravityRAT sample via a tweet. This version of GravityRAT is enhanced with two new capabilities: receiving commands to delete files and exfiltrating WhatsApp backup files. The trojanized BingeChat app is available for download from a website that presents it as a free messaging and file sharing service. We discovered a new version of Android GravityRAT spyware being distributed as trojanized versions of the legitimate open-source OMEMO Instant Messenger Android app. The malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app. Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files. BingeChat is distributed through a website advertising free messaging services. Most likely active since August 2022, the BingeChat campaign is still ongoing; however, the campaign using Chatico is no longer active.

The actor behind GravityRAT remains unknown; we track the group internally as SpaceCobra. Windows, Android, and macOS versions are available, as previously documented by Cisco Talos, Kaspersky, and Cyble. GravityRAT is a remote access tool known to be used since at least 2015 and previously used in targeted attacks against India. ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico.