Bingechat

Malware updated 5 months ago (2024-05-04T20:01:13.745Z)
BingeChat is malware that has been active since August 2022, distributed under the guise of the messaging apps BingeChat and Chatico. It was first identified in June 2022 as an updated version of the Android remote access trojan GravityRAT, which was found masquerading as these messaging apps as part of a targeted campaign.

BingeChat is distributed through a website advertising free messaging services. Posing as a standard instant messaging app, it requests various permissions upon installation and thereby infiltrates mobile devices. The trojanized BingeChat app specifically targets WhatsApp backup files on infected devices. Researchers reported that this new version of GravityRAT, enhanced with additional capabilities, infects mobile devices through the trojanized BingeChat app. ESET researchers have also revealed that the updated GravityRAT spyware is spread as the free messaging apps BingeChat and Chatico and is used to exfiltrate victims' WhatsApp backups, among other malicious actions.

Both BingeChat and Chatico were initially used to distribute the malware, but only the BingeChat campaign remains active; Chatico is no longer in use. Although BingeChat has the same malicious functionality as Chatico, future discussions will focus solely on the ongoing BingeChat campaign. The BingeChat campaign continues to pose a significant threat to unsuspecting users.
Description last updated: 2024-05-04T18:15:51.600Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Chatico is a possible alias for Bingechat. Chatico is a malicious software (malware) that was discovered to be part of a targeted cyber threat campaign since June 2022. The malware, based on the OMEMO Instant Messenger app, was trojanized with GravityRAT, a notorious Android remote access trojan. The group behind this threat employed a fraud | 4
GravityRAT is a possible alias for Bingechat. GravityRAT is a notorious Trojan malware that has been used in various cyberattacks, including those targeting military systems. Initially designed for Windows, it has evolved over time to target Android devices as well. The malware uses stolen developer certificates to bypass security measures such | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
WhatsApp
Android
Spyware
ESET