Chatico

Malware updated a month ago (2024-11-29T14:21:36.035Z)
Chatico is malware discovered to be part of a targeted cyber threat campaign since June 2022. The malware, based on the OMEMO Instant Messenger app, was trojanized with GravityRAT, a notorious Android remote access trojan. The group behind this threat employed a fraudulent app called “Chatico,” distributed through the website “chatico.co[.]uk.” This malware impersonated popular chat applications like BingeChat and Chatico, masquerading as legitimate services to deceive users into downloading and installing them. Its key functionality involved exfiltrating victims' WhatsApp backups, among other malicious actions. Once installed, it could exploit and damage the user's device, stealing personal information and disrupting operations. The malware was also found to communicate with a command and control (C&C) server hosted by Amazon.com, Inc. at IP address 75.2.37[.]224 under the domain name "jre.jdklibraries[.]com" for further instructions or data exfiltration.

In November 2022, cybersecurity firm ESET revealed that SpaceCobra, the group behind the malware, had branded GravityRAT as Chatico. An updated version of GravityRAT continued to be distributed as free messaging apps, including BingeChat and Chatico. Although the focus shifted towards the active campaign using the BingeChat app, it was noted that BingeChat retained the same malicious functionality as Chatico.
Description last updated: 2024-06-13T18:15:58.194Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias description, followed by its vote count:
Bingechat is a possible alias for Chatico. BingeChat is a malware that has been active since August 2022, distributed under the guise of the messaging apps BingeChat and Chatico. The malicious software was first identified in June 2022 as an updated version of an Android remote access trojan known as GravityRAT, which was found to be masquer
Votes: 4
Spacecobra is a possible alias for Chatico. SpaceCobra is a malware group known for its malicious software activities, which have been ongoing since at least 2015. The group is linked to the BingeChat and Chatico campaigns and has revived the GravityRAT malware with enhanced functionalities. This updated version of GravityRAT allows SpaceCobr
Votes: 3
GravityRAT is a possible alias for Chatico. GravityRAT is a notorious Trojan malware that has been used in various cyberattacks, including those targeting military systems. Initially designed for Windows, it has evolved over time to target Android devices as well. The malware uses stolen developer certificates to bypass security measures such
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Android
RAT
ESET