Bingechat

Malware Profile Updated 3 months ago
BingeChat is malware that has been active since August 2022, distributed under the guise of the messaging apps BingeChat and Chatico. It was first identified in June 2022 as an updated version of the Android remote access trojan GravityRAT, which was found masquerading as these messaging apps as part of a targeted campaign.

BingeChat is distributed through a website advertising free messaging services. Posing as a standard instant messaging app, it requests various permissions upon installation and in this way infiltrates mobile devices. The trojanized BingeChat chat app specifically targets WhatsApp backup files on infected devices. Researchers reported that this new version of GravityRAT, enhanced with additional capabilities, infects mobile devices through the trojanized BingeChat app. ESET researchers have also described how the updated GravityRAT spyware is spread as the free messaging apps BingeChat and Chatico and used to exfiltrate victims' WhatsApp backups, among other malicious actions.

Both BingeChat and Chatico were initially used to distribute the malware, but currently only the BingeChat campaign remains active; Chatico is no longer in use. BingeChat has the same malicious functionality as Chatico, but future discussions will focus solely on the ongoing BingeChat campaign. As of now, the BingeChat campaign continues to pose a significant threat to unsuspecting users, demonstrating the persistent and evolving nature of such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Chatico | 4 | Chatico is a malicious software (malware) that was discovered to be part of a targeted cyber threat campaign since June 2022. The malware, based on the OMEMO Instant Messenger app, was trojanized with GravityRAT, a notorious Android remote access trojan. The group behind this threat employed a fraud |
| GravityRAT | 3 | GravityRAT is a notorious Trojan malware that has been used in various cyberattacks, including those targeting military systems. Initially designed for Windows, it has evolved over time to target Android devices as well. The malware uses stolen developer certificates to bypass security measures such |
| Android Gravityrat | 1 | Android GravityRAT is a malicious software (malware) known for its ability to infiltrate and damage systems. ESET researchers have identified an updated version of this malware being distributed through the messaging apps BingeChat and Chatico, as well as trojanized versions of the legitimate open-s |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Whatsapp
Trojan
Android
Spyware
Eset
Wordpress
Encryption
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| android/spy.gravity.a Gravityrat | Unspecified | 1 | None |
| Spacecobra | Unspecified | 1 | SpaceCobra is a malware group known for its malicious software activities, which have been ongoing since at least 2015. The group is linked to the BingeChat and Chatico campaigns and has revived the GravityRAT malware with enhanced functionalities. This updated version of GravityRAT allows SpaceCobr |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the BingeChat malware was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | a year ago | Pakistan-based hackers target Indian Army, IITs; chat apps used, dangerous file names and more \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| BankInfoSecurity | a year ago | Breach Roundup: European Investment Bank Suffers Cyberattack |
| Checkpoint | a year ago | 19th June – Threat Intelligence Report - Check Point Research |
| Securityaffairs | a year ago | Updated Android spyware GravityRAT steals WhatsApp Backups |
| CERT-EU | a year ago | Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files |
| ESET | 10 months ago | WeLiveSecurity |
| CERT-EU | a year ago | Android GravityRAT Spyware Steals WhatsApp Backup Files |
| InfoSecurity-magazine | a year ago | New Version of Android GravityRAT Spyware Targets WhatsApp Backups |
| ESET | a year ago | Android GravityRAT goes after WhatsApp backups \| WeLiveSecurity |