Android GravityRAT

Malware Profile Updated 13 days ago
Android GravityRAT is a malicious software (malware) that targets Android devices, with the ability to exploit and damage systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data for ransom.

ESET researchers identified an updated version of this malware being distributed as the messaging apps BingeChat and Chatico, and also as trojanized versions of the legitimate open-source OMEMO Instant Messenger Android app. The original versions of Android GravityRAT were limited in their capabilities; they could only upload exfiltrated data to a command-and-control (C&C) server at specific times. However, the updated versions analyzed by ESET researchers have significantly more functionality. They can steal WhatsApp backup files, potentially compromising sensitive personal information. Additionally, these updated versions can receive commands to delete files, adding another layer of potential harm to infected systems.

The first detection of an updated Android GravityRAT sample occurred in India in June 2022. Since then, the malware has continued to evolve and pose threats to Android users. Security researchers at ESET have been at the forefront of studying and reporting on these developments, providing vital information to the public about the ongoing risks associated with Android GravityRAT. Users are advised to remain vigilant and cautious when downloading apps or opening suspicious emails to protect their devices and personal information from this sophisticated malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Spyware
WhatsApp
ESET
Associated Malware
ID: GravityRAT
Type: Unspecified
Votes: 4
Profile Description: GravityRAT is a notorious Trojan malware that has been in use since at least 2015, notably involved in targeted attacks against India and the military. It uses stolen developer certificates to bypass security measures like Gatekeeper, deceiving users into installing what appears to be legitimate sof
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Android GravityRAT malware was read from the documents corpus below. This display is limited to 20 results.
Source: ESET; Created At: 8 months ago; Title: WeLiveSecurity
Source: Securityaffairs; Created At: a year ago; Title: Updated Android spyware GravityRAT steals WhatsApp Backups
Source: CERT-EU; Created At: 8 months ago; Title: Israel investigates potential breach of lawmakers’ phones
Source: ESET; Created At: a year ago; Title: Android GravityRAT goes after WhatsApp backups | WeLiveSecurity
Source: CERT-EU; Created At: a year ago; Title: Android GravityRAT Spyware Steals WhatsApp Backup Files | IT Security News
Source: InfoSecurity-magazine; Created At: a year ago; Title: New Version of Android GravityRAT Spyware Targets WhatsApp Backups