Alert about the use of the GravityRAT spyware to access WhatsApp backups
A group of cyber attackers has focused its attention on WhatsApp backups, which it accesses with a version of the GravityRAT spyware for Android via messaging apps like BingeChat and Chatico.
ESET researchers have identified an updated version of the Android-based GravityRAT spyware, a remote access tool previously used in targeted attacks against users in India, which is distributed as the BingeChat and Chatico messaging apps.
GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files. The malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app, as explained in a press release.
In the case of the BingeChat campaign, ESET researcher Lukas Stefanko points out that the app is distributed via a website that requires registration, so the criminals can open registration only when they expect a visit from a particular victim, possibly with a specific IP address, geolocation, custom URL, or within a particular time frame.
The ESET Research team does not know how potential victims are lured to, or discover, the malicious website. Taking into account that downloading the application is conditional on having an account, and that it was not possible to register a new user during the investigation, the security firm believes that the victims were specifically targeted.
The actor behind GravityRAT remains unknown, although Facebook researchers attribute this spyware to a group based in Pakistan, as previously speculated by Cisco Talos. ESET tracks the group under the name SpaceCobra and attributes both the BingeChat and Chatico campaigns to it.