Spacecobra

Malware Profile Updated a month ago
Download STIX
Preview STIX
SpaceCobra is a malware group known for its malicious software activities, which have been ongoing since at least 2015. The group is linked to the BingeChat and Chatico campaigns and has revived the GravityRAT malware with enhanced functionalities. This updated version of GravityRAT allows SpaceCobra to extract WhatsApp Messenger backups and receive commands from a Command and Control (C&C) server to delete files. The malware targets Windows, Android, and macOS systems as documented by cybersecurity firms such as Cisco Talos, Kaspersky, and Cyble. Despite extensive research, the identity of the actor behind GravityRAT remains unknown. In 2022, SpaceCobra launched a deceptive application named "Chatico," distributed via the website "chatico.co[.]uk." This app was used in a campaign similar to previous SpaceCobra initiatives, targeting specific individuals. According to ESET telemetry, users in India were among those targeted by the updated Chatico version of the RAT (Remote Access Trojan). In 2023, ESET reported that a Pakistan-based group, also tracked as SpaceCobra, used an updated version of the Android GravityRAT spyware to steal WhatsApp backup files and delete files on victim devices. The use of GravityRAT marks a shift in SpaceCobra's tactics, as it began focusing on Android platforms in 2020. The spyware is exclusively utilized by SpaceCobra for selected operations targeting specific individuals or groups. ESET researchers continue to monitor the group, providing indicators of compromise (IoCs) for this campaign. Despite these efforts, the threat actor behind GravityRAT, and therefore SpaceCobra, remains unidentified, highlighting the sophisticated nature of their operations and the challenges in tracking and mitigating such threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Chatico
3
Chatico is a malicious software (malware) that was discovered to be part of a targeted cyber threat campaign since June 2022. The malware, based on the OMEMO Instant Messenger app, was trojanized with GravityRAT, a notorious Android remote access trojan. The group behind this threat employed a fraud
GravityRAT
3
GravityRAT is a notorious Trojan malware that has been used in various cyberattacks, including those targeting military systems. Initially designed for Windows, it has evolved over time to target Android devices as well. The malware uses stolen developer certificates to bypass security measures such
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Whatsapp
Spyware
Rat
Macos
Eset
Android
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Android GravityratUnspecified
1
Android GravityRAT is a malicious software (malware) known for its ability to infiltrate and damage systems. ESET researchers have identified an updated version of this malware being distributed through the messaging apps BingeChat and Chatico, as well as trojanized versions of the legitimate open-s
BingechatUnspecified
1
BingeChat is a malware that has been active since August 2022, distributed under the guise of the messaging apps BingeChat and Chatico. The malicious software was first identified in June 2022 as an updated version of an Android remote access trojan known as GravityRAT, which was found to be masquer
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Spacecobra Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
BankInfoSecurity
a month ago
Pakistan's 'Cosmic Leopard' Is Targeting India With RATs
BankInfoSecurity
a year ago
Breach Roundup: European Investment Bank Suffers Cyberattack
Securityaffairs
a year ago
Updated Android spyware GravityRAT steals WhatsApp Backups
CERT-EU
a year ago
Android GravityRAT Spyware Steals WhatsApp Backup Files
ESET
10 months ago
WeLiveSecurity
ESET
a year ago
Android GravityRAT goes after WhatsApp backups | WeLiveSecurity
InfoSecurity-magazine
a year ago
New Version of Android GravityRAT Spyware Targets WhatsApp Backups