Chatico

Malware Profile Updated a month ago
Download STIX
Preview STIX
Chatico is a malicious software (malware) that was discovered to be part of a targeted cyber threat campaign since June 2022. The malware, based on the OMEMO Instant Messenger app, was trojanized with GravityRAT, a notorious Android remote access trojan. The group behind this threat employed a fraudulent app called “Chatico,” distributed through the website “chatico.co[.]uk.” This malware impersonated popular chat applications like BingeChat and Chatico, masquerading as legitimate services to deceive users into downloading and installing them. The malware's key functionality involved exfiltrating victims' WhatsApp backups among other malicious actions. Once installed, it could exploit and damage the user's device, stealing personal information and disrupting operations. The malware was also found to communicate with a command and control (C&C) server hosted by Amazon.com, Inc. at IP address 75.2.37[.]224 under the domain name "jre.jdklibraries[.]com" for further instructions or data exfiltration. In November 2022, cybersecurity firm ESET revealed that SpaceCobra, the group behind the malware, had branded GravityRAT as Chatico. An updated version of GravityRAT continued to be distributed as free messaging apps, including BingeChat and Chatico. Despite the focus shifting towards the active campaign using the BingeChat app, it was noted that it retained the same malicious functionality as Chatico.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Bingechat
4
BingeChat is a malware that has been active since August 2022, distributed under the guise of the messaging apps BingeChat and Chatico. The malicious software was first identified in June 2022 as an updated version of an Android remote access trojan known as GravityRAT, which was found to be masquer
Spacecobra
3
SpaceCobra is a malware group known for its malicious software activities, which have been ongoing since at least 2015. The group is linked to the BingeChat and Chatico campaigns and has revived the GravityRAT malware with enhanced functionalities. This updated version of GravityRAT allows SpaceCobr
GravityRAT
2
GravityRAT is a notorious Trojan malware that has been used in various cyberattacks, including those targeting military systems. Initially designed for Windows, it has evolved over time to target Android devices as well. The malware uses stolen developer certificates to bypass security measures such
Android Gravityrat
1
Android GravityRAT is a malicious software (malware) known for its ability to infiltrate and damage systems. ESET researchers have identified an updated version of this malware being distributed through the messaging apps BingeChat and Chatico, as well as trojanized versions of the legitimate open-s
android/spy.gravity.a Gravityrat
1
None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Rat
Android
Eset
Whatsapp
Trojan
Spyware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Chatico Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
BankInfoSecurity
a month ago
Pakistan's 'Cosmic Leopard' Is Targeting India With RATs
CERT-EU
a year ago
Android GravityRAT Spyware Steals WhatsApp Backup Files
CERT-EU
a year ago
Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files
ESET
10 months ago
WeLiveSecurity
CERT-EU
a year ago
Pakistan-based hackers target Indian Army, IITs; chat apps used, dangerous file names and more | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
ESET
a year ago
Android GravityRAT goes after WhatsApp backups | WeLiveSecurity
Securityaffairs
a year ago
Updated Android spyware GravityRAT steals WhatsApp Backups
InfoSecurity-magazine
a year ago
New Version of Android GravityRAT Spyware Targets WhatsApp Backups