Android Gravityrat

Malware updated a month ago (2024-11-29T13:43:05.312Z)

Download STIX

Preview STIX

Android GravityRAT is a malicious software (malware) known for its ability to infiltrate and damage systems. ESET researchers have identified an updated version of this malware being distributed through the messaging apps BingeChat and Chatico, as well as trojanized versions of the legitimate open-source OMEMO Instant Messenger Android app. Unlike previous versions that could only upload exfiltrated data to a Command & Control (C&C) server at specific times, this updated variant has shown increased functionality, including the capability to steal WhatsApp backup files and receive commands to delete files. The updated version of Android GravityRAT was first detected in India in June 2022. Subsequent investigations by ESET revealed that a Pakistan-based group known as SpaceCobra was utilizing this updated malware to specifically target and steal WhatsApp backup files, thereby gaining access to potentially sensitive personal information. The malware also had the ability to delete files on victim devices, further increasing its potential for harm. Security researchers at ESET have been closely monitoring the developments of Android GravityRAT. Their findings have been widely reported, highlighting the increasing sophistication of the malware and its potential threat to users' security and privacy. As such, users are advised to remain vigilant when downloading apps and to regularly update their systems to protect against such threats.

Description last updated: 2024-06-13T18:15:49.723Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Spyware

Eset

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The GravityRAT Malware is associated with Android Gravityrat. GravityRAT is a notorious Trojan malware that has been used in various cyberattacks, including those targeting military systems. Initially designed for Windows, it has evolved over time to target Android devices as well. The malware uses stolen developer certificates to bypass security measures such	Unspecified	5

Source Document References

Information about the Android Gravityrat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	6 months ago	Pakistan's 'Cosmic Leopard' Is Targeting India With RATs
ESET	2 years ago	Android GravityRAT goes after WhatsApp backups \| WeLiveSecurity
CERT-EU	2 years ago	Android GravityRAT Spyware Steals WhatsApp Backup Files \| IT Security News
InfoSecurity-magazine	2 years ago	New Version of Android GravityRAT Spyware Targets WhatsApp Backups
CERT-EU	a year ago	Israel investigates potential breach of lawmakers’ phones
Securityaffairs	2 years ago	Updated Android spyware GravityRAT steals WhatsApp Backups
ESET	a year ago	WeLiveSecurity