An updated version of an Android remote access trojan dubbed GravityRAT has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022.
“Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files,” ESET researcher Lukáš Štefanko said in a new report published today.
“The malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app.”
GravityRAT is the name given to a cross-platform malware that’s capable of targeting Windows, Android, and macOS devices. The Slovak cybersecurity firm is tracking the activity under the name SpaceCobra.
images from Hacker News
Recent Comments