Chatico

Malware Profile Updated 24 days ago
Chatico is malware discovered in 2022 that is based on the OMEMO Instant Messenger app, like the related malware known as BingeChat. It was trojanized with an updated version of the Android remote access trojan (RAT) GravityRAT. The malware was distributed as a fraudulent app called "Chatico", and targeted individuals were led to download it from the website chatico.co[.]uk. Chatico was part of a narrowly targeted campaign that began in June 2022, in which the RAT masqueraded as messaging apps, namely BingeChat and Chatico itself. The malware, designed to exploit and damage the systems it infects, was revealed by ESET researchers. Once installed, it could steal personal information, disrupt operations, or even hold data hostage for ransom. Among its malicious actions, the updated Android GravityRAT spyware, disguised as the free messaging apps BingeChat and Chatico, was used to exfiltrate victims' WhatsApp backups. The command and control (C&C) server for Chatico was linked to Amazon.com, Inc. at the IP address 75.2.37[.]224, as identified on November 16, 2022. According to ESET telemetry, a user in India was specifically targeted by the updated Chatico version of the RAT, a tactic consistent with previous campaigns orchestrated by SpaceCobra. The distribution website for Chatico was hosted by Cloudflare, Inc. at the IP address 104.21.41[.]147, detected on November 19, 2021. Another Chatico C&C server was also linked to Cloudflare, Inc., but its detection date was not specified. Although the malicious functionality of Chatico is identical to that of BingeChat, the focus of the active campaign shifted solely to the BingeChat app.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID (votes): Profile Description
Bingechat (4 votes): BingeChat is a malware that has been active since August 2022, distributed under the guise of the messaging apps BingeChat and Chatico. The malicious software was first identified in June 2022 as an updated version of an Android remote access trojan known as GravityRAT, which was found to be masquer
Spacecobra (3 votes): SpaceCobra is a malicious actor known for its deployment of malware, notably the GravityRAT and Chatico campaigns. Active since at least 2015, SpaceCobra has continually evolved its tactics, enhancing the functionality of GravityRAT to exfiltrate WhatsApp Messenger backups and receive commands from
GravityRAT (2 votes): GravityRAT is a notorious Trojan malware that has been in use since at least 2015, notably involved in targeted attacks against India and the military. It uses stolen developer certificates to bypass security measures like Gatekeeper, deceiving users into installing what appears to be legitimate sof
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
Malware
Rat
Eset
Android
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Chatico malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
ESET | a year ago | Android GravityRAT goes after WhatsApp backups | WeLiveSecurity
InfoSecurity-magazine | a year ago | New Version of Android GravityRAT Spyware Targets WhatsApp Backups
CERT-EU | a year ago | Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files
Securityaffairs | a year ago | Updated Android spyware GravityRAT steals WhatsApp Backups
CERT-EU | a year ago | Android GravityRAT Spyware Steals WhatsApp Backup Files
CERT-EU | a year ago | Pakistan-based hackers target Indian Army, IITs; chat apps used, dangerous file names and more | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
ESET | 8 months ago | WeLiveSecurity