Bingechat

Malware Profile Updated 25 days ago
BingeChat is malware that has been active since August 2022, distributed under the guise of the messaging apps BingeChat and Chatico. It was first identified in June 2022 as an updated version of the Android remote access trojan GravityRAT, which was found masquerading as these messaging apps as part of a targeted campaign. Distributed through a website advertising free messaging services, BingeChat poses as a standard instant messaging app and requests various permissions upon installation, which is how it infiltrates mobile devices. The malware uses the trojanized BingeChat chat app to specifically target WhatsApp backup files on infected devices.

Researchers reported that this new version of GravityRAT, enhanced with additional capabilities, infects mobile devices through the trojanized BingeChat app. ESET researchers have also described how the updated GravityRAT spyware is spread as the free messaging apps BingeChat and Chatico and used to exfiltrate victims' WhatsApp backups, among other malicious actions.

Both BingeChat and Chatico were initially used to distribute the malware, but only the BingeChat campaign remains active; Chatico is no longer in use. Although the two apps have the same malicious functionality, discussion going forward focuses solely on the ongoing BingeChat campaign. As of now, that campaign continues to pose a significant threat to unsuspecting users, demonstrating the persistent and evolving nature of such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Chatico | 4 | Chatico is a malicious software (malware) that was discovered in 2022 to be based on the OMEMO Instant Messenger app, similar to another malware known as BingeChat. It was found to have been trojanized with an updated version of Android remote access trojan (RAT) called GravityRAT. The malware was d
GravityRAT | 3 | GravityRAT is a notorious Trojan malware that has been in use since at least 2015, notably involved in targeted attacks against India and the military. It uses stolen developer certificates to bypass security measures like Gatekeeper, deceiving users into installing what appears to be legitimate sof
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
WhatsApp
Android
Spyware
ESET
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Bingechat Malware was read from the documents corpus below.
Source | Created At | Title
ESET | a year ago | Android GravityRAT goes after WhatsApp backups | WeLiveSecurity
InfoSecurity-magazine | a year ago | New Version of Android GravityRAT Spyware Targets WhatsApp Backups
CERT-EU | a year ago | Android GravityRAT Spyware Steals WhatsApp Backup Files
Securityaffairs | a year ago | Updated Android spyware GravityRAT steals WhatsApp Backups
BankInfoSecurity | a year ago | Breach Roundup: European Investment Bank Suffers Cyberattack
CERT-EU | a year ago | Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files
CERT-EU | a year ago | Pakistan-based hackers target Indian Army, IITs; chat apps used, dangerous file names and more | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
ESET | 9 months ago | WeLiveSecurity
Checkpoint | a year ago | 19th June – Threat Intelligence Report - Check Point Research