ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico.
GravityRAT is a remote access tool known to be used since at least 2015. According to researcher Lukas Stefanko from ESET, who analyzed a sample following a tip received from MalwareHunterTeam, one of the notable new additions found in the latest version of GravityRAT is the ability to steal WhatsApp backup files.
WhatsApp backups are created to help users transfer their message history, media files and data to new devices. They may contain sensitive data such as text, videos, photos, documents and more – all in unencrypted form.
The ongoing Android campaign utilizes the deceptive app ‘BingeChat,’ which masquerades as an end-to-end encrypted chat application boasting a straightforward interface and advanced features. ESET reports that the malicious app is distributed primarily through the domain “bingechat[.]net” and potentially other domains or distribution channels.
However, downloads are gated behind an invitation-based system: visitors must provide valid credentials or register a new account before they can obtain the app. This method enables the attackers to distribute the malicious app exclusively to their intended targets, and it complicates the efforts of researchers seeking access for analysis.
BingeChat requests extensive permissions upon installation on the target’s device, including access to contacts, location, phone, SMS, storage, call logs, camera, and microphone.
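For defenders reviewing a sideloaded chat app, the permission footprint described above can be checked mechanically. The following is an added example, not code from ESET or from the article: it assumes `aapt dump permissions`-style text as input, the mapping from the article's eight categories to Android permission names is this example's own, and both sample outputs and package names are constructed.

```python
import re

# Article's permission categories mapped to real Android permission names.
# The grouping is an assumption of this example, not ESET's published list.
GROUPS = {
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "phone": {"READ_PHONE_STATE", "CALL_PHONE", "READ_PHONE_NUMBERS"},
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
                "MANAGE_EXTERNAL_STORAGE"},
    "call logs": {"READ_CALL_LOG", "WRITE_CALL_LOG"},
    "camera": {"CAMERA"},
    "microphone": {"RECORD_AUDIO"},
}

# Accepts both "uses-permission: name='android.permission.X'" and the older
# "uses-permission: android.permission.X" line format.
PERM_RE = re.compile(
    r"uses-permission(?:-sdk-\d+)?:\s*(?:name=')?android\.permission\.([A-Z_]+)"
)

def requested_groups(aapt_output):
    """Return the set of article categories the manifest asks for."""
    perms = set(PERM_RE.findall(aapt_output))
    return {group for group, names in GROUPS.items() if perms & names}

def review(aapt_output, threshold=len(GROUPS)):
    """Flag an app whose requests cover at least `threshold` categories."""
    hit = requested_groups(aapt_output)
    return {
        "groups": sorted(hit),
        "missing": sorted(set(GROUPS) - hit),
        "flag": len(hit) >= threshold,
    }

# Constructed sample: a chat app requesting every category from the article.
SAMPLE_FULL = "package: com.example.fullfootprint\n" + "\n".join(
    f"uses-permission: name='android.permission.{p}'"
    for p in ("READ_CONTACTS", "ACCESS_FINE_LOCATION", "READ_PHONE_STATE",
              "READ_SMS", "WRITE_EXTERNAL_STORAGE", "READ_CALL_LOG",
              "CAMERA", "RECORD_AUDIO", "INTERNET")
)
# Constructed sample: a chat app with a narrower, more typical footprint.
SAMPLE_NARROW = """package: com.example.plainchat
uses-permission: android.permission.INTERNET
uses-permission: android.permission.CAMERA
uses-permission: android.permission.RECORD_AUDIO
uses-permission: android.permission.READ_CONTACTS
"""

if __name__ == "__main__":
    for sample in (SAMPLE_FULL, SAMPLE_NARROW):
        print(review(sample))
```

A full match is a triage signal that the app warrants closer inspection, not proof of malice; lowering `threshold` widens the net at the cost of more false positives.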
With Android malware, installing and using one of the best Android antivirus apps can help keep you protected.