Warning! This new malware wants your WhatsApp history… and it's not protected at all!


Camille Coirault

June 19, 2023 at 10:30 a.m.


GravityRAT is an Android malware that was released in 2015. It returned in August 2022 in a new version. Its modus operandi relies on a fake chat application named BingeChat, which is capable of stealing data from mobile devices.

The age of modern computing has to coexist with ever-accelerating malware evolution. Mobile applications are very easy entry points for hackers to target, especially instant messaging apps. GravityRAT has recently returned as a new variant, and its danger lies in the fact that it can go after the history of WhatsApp users. It can steal the app's backup files, which contain sensitive data and are not encrypted.

GravityRAT’s main target: Android

SpaceCobra is the name of the team of operators behind this malware. Their goal is simple: to carry out targeted hacking operations on Android devices. The well-known mobile operating system has already been the subject of numerous attacks in the past. SpaceCobra spreads its malware hidden under a name that misleads users: BingeChat. This app claims to be a fully encrypted instant messenger with full data protection. It is nothing of the sort!

Security researchers have faced a major obstacle in obtaining a copy of the malware. The application can be downloaded only by targeted users and from a single URL, bingechat.net. This access restriction makes it difficult for analysts to decrypt the source code correctly.


GravityRAT capabilities

Once the deceptive app is downloaded and installed on the targeted device, BingeChat asks the user for all the permissions that are typical of a private messaging app: location, camera and microphone, and access to contacts and call logs. Users are often fooled, because we are so used to granting these permissions (almost) without paying attention to them.

Even before registration in the application is complete, it sends all the data provided by the user to the command and control servers operated remotely by the team of hackers. BingeChat is also capable of accessing media files, documents, and entire WhatsApp backups directly, including files with the corresponding encrypted extensions. What can you do to defend yourself against this kind of practice? First, avoid as much as possible obtaining APK (Android Package Kit) files from sources outside Google Play. Then, remain vigilant about the permissions that applications request, and regularly make sure your smartphone's security software is up to date.
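The two checks above (where an app came from, and which permissions it holds) can be run over a device's package dump. The following Python sketch is an added example, not code from the article or its sources: it assumes the `installerPackageName=` and `granted=true` lines as printed by `adb shell dumpsys package` (the layout varies by Android version), and the package names, sample text and threshold are constructed for illustration.

```python
import re

# Permissions the article lists: location, camera, microphone, contacts, call logs.
WATCHED = {"ACCESS_FINE_LOCATION", "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "READ_CALL_LOG"}
PLAY_STORE = "com.android.vending"

# Constructed excerpt in the style of `adb shell dumpsys package` output.
SAMPLE = """\
  Package [com.example.storechat] (1a2b3c):
    installerPackageName=com.android.vending
    runtime permissions:
      android.permission.CAMERA: granted=true
      android.permission.RECORD_AUDIO: granted=true
      android.permission.READ_CONTACTS: granted=true
  Package [com.example.sideloadedchat] (4d5e6f):
    installerPackageName=null
    runtime permissions:
      android.permission.CAMERA: granted=true
      android.permission.RECORD_AUDIO: granted=true
      android.permission.READ_CONTACTS: granted=true
      android.permission.READ_CALL_LOG: granted=false
  Package [com.example.flashlight] (7a8b9c):
    installerPackageName=null
    runtime permissions:
      android.permission.CAMERA: granted=true
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
INST_RE = re.compile(r"^\s*installerPackageName=(\S+)")
PERM_RE = re.compile(r"^\s*android\.permission\.(\w+): granted=true")

def parse_packages(text):
    """Return {package: {"installer": str or None, "granted": set of names}}."""
    pkgs, cur = {}, None
    for line in text.splitlines():
        if m := PKG_RE.match(line):
            cur = pkgs.setdefault(m.group(1), {"installer": None, "granted": set()})
        elif cur is not None and (m := INST_RE.match(line)):
            cur["installer"] = None if m.group(1) == "null" else m.group(1)
        elif cur is not None and (m := PERM_RE.match(line)):
            cur["granted"].add(m.group(1))
    return pkgs

def flag_risky(text, threshold=3):
    """Apps not installed by Google Play that hold >= threshold watched permissions."""
    return [(name, info["installer"], sorted(info["granted"] & WATCHED))
            for name, info in parse_packages(text).items()
            if info["installer"] != PLAY_STORE and len(info["granted"] & WATCHED) >= threshold]
```

Calling `flag_risky(SAMPLE)` reports only the sideloaded chat app; the Play-installed app with the same permissions and the sideloaded app with a single permission are not flagged.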

Its name may sound cute or funny, but GravityRAT, under its new alias BingeChat, is a piece of malware with serious capabilities. The applications it targets, such as WhatsApp, contain very sensitive elements of your private life. Having them stolen is a serious compromise of your online security, and it is necessary to guard against it.

Sources: BleepingComputer, ESET
