Select Page

An updated version of an Android remote access trojan dubbed GravityRAT has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022.

“Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files,” ESET researcher Lukáš Štefanko said in a new report published today.

“The malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app.”

GravityRAT is the name given to a cross-platform malware that’s capable of targeting Windows, Android, and macOS devices. The Slovak cybersecurity firm is tracking the activity under the name SpaceCobra.

images from Hacker News