A sophisticated hacking group known as SpaceCobra has developed an innovative instant messaging app with a stealthy ability to steal sensitive information from targeted devices. This elusive threat actor appears to know precisely whom it intends to reach: researchers had significant difficulty even obtaining the app for analysis.
In a recent discovery by cybersecurity researchers at ESET, it was revealed that two seemingly innocuous messaging apps, BingeChat and Chatico, were actually serving as a conduit for the notorious GravityRAT remote access trojan. This malicious RAT is capable of extracting a wealth of confidential data from compromised devices, including call logs, contact lists, SMS messages, device locations, basic device information, and files with specific extensions for images, photos, and documents.
Absence from App Stores
What distinguishes these two apps from other GravityRAT-delivering counterparts is their ability to pilfer WhatsApp backups and receive commands for file deletion.
The unique distribution method employed by this malware campaign is also worthy of note. These apps cannot be found on app stores and were never uploaded to platforms like Google Play. Instead, they can only be obtained by visiting a carefully crafted website and creating an account. The site is attractively designed to evade suspicion, but the researchers at ESET were unable to create an account, as registrations appeared to be intentionally closed during their visit. This led them to surmise that the hacking group's targeting was extremely precise, possibly narrowing down on specific locations or IP addresses.
According to Lukáš Štefanko, a researcher at ESET, “It is most probable that the operators only open registration when they expect a specific victim to visit, possibly with a particular IP address, geolocation, custom URL, or within a specific timeframe. Although we couldn’t download the BingeChat app via the website, we were able to find a distribution URL on VirusTotal.”
The majority of victims appear to be located in India, while the attackers, SpaceCobra, are believed to be of Pakistani origin. The campaign is likely to have been active since August of the previous year, with one of the apps, BingeChat, still operational. This malicious app, based on the open-source OMEMO Instant Messenger app, is compatible with Windows, macOS, and Android platforms.
Denial of responsibility! Samachar Central is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
Deepak Sen is a tech enthusiast who covers the latest technological innovations, from AI to consumer gadgets. His articles provide readers with a glimpse into the ever-evolving world of technology.