A malicious app targeting WhatsApp backups on Android

Discovery of Android Malware That Steals WhatsApp Backups

ESET, the cybersecurity company, has uncovered malware on Android devices that steals sensitive user data, including WhatsApp backups.

According to ESET, two messaging applications named “BingeChat” and “Chatico” were found to contain malware called “GravityRAT”, which belongs to the category of malicious software known as a “Trojan” or “Remote Access Trojan” (RAT) and allows an attacker to control the device remotely.

This malware can extract a wide range of sensitive information from infected devices, such as call logs, contact lists, SMS messages, device location, basic device information, and files with specific extensions such as images and documents.

Among the features of this malware is its ability to steal WhatsApp backups, in addition to receiving commands to delete files.

It is worth noting that these two applications are not available on the Google Play Store and have never been uploaded to it; they spread through downloads from external sources.

Regarding the geography of the attack, the ESET research team indicated that the malware targets victims in a specific geographical region based on the IP address of their devices, and the data obtained by the company showed that most victims were from India.

ESET linked the cyberattack using the GravityRAT malware to a group of professional attackers known as “SpaceCobra”, who are likely from Pakistan according to the company.

Researchers confirmed that the attack began last August, and that the BingeChat app is still active to this day.

It is always recommended to avoid downloading applications or games from outside the Google Play Store to ensure the device is not exposed to any malicious software.

ESET, the company specialized in cybersecurity, revealed the discovery of malware targeting Android devices, aimed at stealing sensitive data from users, including WhatsApp backups.

According to the company's report, two messaging applications named BingeChat and Chatico were discovered, and they were found to contain malware known as GravityRAT, which belongs to the Remote Access Trojan (RAT) category and allows attackers to control devices remotely.

According to the company, this malware can extract sensitive information from targeted devices, including call logs, contact lists, SMS messages, device location, basic device information, and files such as images and documents.

Among the most notable features of this malware is its ability to steal WhatsApp backups and to receive commands to delete files.

Neither of these two applications was found on the Google Play Store; they were distributed through untrusted sources outside the store.

According to researchers at ESET, the malware was designed to target specific victims based on their devices' IP addresses, and the data obtained by the company indicates that many of the victims were in India.

ESET attributes the cyberattack using GravityRAT malware to a group of attackers known as “SpaceCobra”, who are likely operating from Pakistan, according to the company.

The company confirms that the attack began last August, and that the infected BingeChat application is still active to this day.

The infected application was built on the basis of another application known as OMEMO, which is an open-source messaging application available on multiple platforms.

ESET recommends avoiding downloading applications or games from untrusted sources outside the Google Play Store, in order to ensure that devices are not exposed to malware and cyber threats.

In Summary:

ESET, the cybersecurity company, revealed the presence of malware on Android devices that steals sensitive data, including WhatsApp backups. The discovered malware is called GravityRAT and belongs to the Remote Access Trojan (RAT) category, allowing attackers to control devices remotely. BingeChat and Chatico are considered the source of this malware's spread, as they are distributed through untrusted sources outside the Google Play Store. The malware is capable of extracting sensitive information from targeted devices, including call logs, contact lists, SMS messages, device location, and files. It is recommended to avoid downloading applications from untrusted sources to avoid exposure to malware. The attack is attributed to a group of professional attackers known as SpaceCobra, believed to be operating from Pakistan.
