Android Gravityrat

Malware Profile Updated a month ago

Download STIX

Preview STIX

Android GravityRAT is a malicious software (malware) known for its ability to infiltrate and damage systems. ESET researchers have identified an updated version of this malware being distributed through the messaging apps BingeChat and Chatico, as well as trojanized versions of the legitimate open-source OMEMO Instant Messenger Android app. Unlike previous versions that could only upload exfiltrated data to a Command & Control (C&C) server at specific times, this updated variant has shown increased functionality, including the capability to steal WhatsApp backup files and receive commands to delete files. The updated version of Android GravityRAT was first detected in India in June 2022. Subsequent investigations by ESET revealed that a Pakistan-based group known as SpaceCobra was utilizing this updated malware to specifically target and steal WhatsApp backup files, thereby gaining access to potentially sensitive personal information. The malware also had the ability to delete files on victim devices, further increasing its potential for harm. Security researchers at ESET have been closely monitoring the developments of Android GravityRAT. Their findings have been widely reported, highlighting the increasing sophistication of the malware and its potential threat to users' security and privacy. As such, users are advised to remain vigilant when downloading apps and to regularly update their systems to protect against such threats.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Chatico	1	Chatico is a malicious software (malware) that was discovered to be part of a targeted cyber threat campaign since June 2022. The malware, based on the OMEMO Instant Messenger app, was trojanized with GravityRAT, a notorious Android remote access trojan. The group behind this threat employed a fraud
Bingechat	1	BingeChat is a malware that has been active since August 2022, distributed under the guise of the messaging apps BingeChat and Chatico. The malicious software was first identified in June 2022 as an updated version of an Android remote access trojan known as GravityRAT, which was found to be masquer

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Spyware

Eset

Gbhackers

Android

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
GravityRAT	Unspecified	5	GravityRAT is a notorious Trojan malware that has been used in various cyberattacks, including those targeting military systems. Initially designed for Windows, it has evolved over time to target Android devices as well. The malware uses stolen developer certificates to bypass security measures such
Spacecobra	Unspecified	1	SpaceCobra is a malware group known for its malicious software activities, which have been ongoing since at least 2015. The group is linked to the BingeChat and Chatico campaigns and has revived the GravityRAT malware with enhanced functionalities. This updated version of GravityRAT allows SpaceCobr

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Android Gravityrat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
BankInfoSecurity	a month ago	Pakistan's 'Cosmic Leopard' Is Targeting India With RATs
ESET	a year ago	Android GravityRAT goes after WhatsApp backups \| WeLiveSecurity
CERT-EU	a year ago	Android GravityRAT Spyware Steals WhatsApp Backup Files \| IT Security News
InfoSecurity-magazine	a year ago	New Version of Android GravityRAT Spyware Targets WhatsApp Backups
CERT-EU	10 months ago	Israel investigates potential breach of lawmakers’ phones
Securityaffairs	a year ago	Updated Android spyware GravityRAT steals WhatsApp Backups
ESET	10 months ago	WeLiveSecurity