Spacecobra

Malware updated a month ago (2024-11-29T14:37:53.495Z)
Download STIX
Preview STIX
SpaceCobra is a malware group known for its malicious software activities, which have been ongoing since at least 2015. The group is linked to the BingeChat and Chatico campaigns and has revived the GravityRAT malware with enhanced functionalities. This updated version of GravityRAT allows SpaceCobra to extract WhatsApp Messenger backups and receive commands from a Command and Control (C&C) server to delete files. The malware targets Windows, Android, and macOS systems as documented by cybersecurity firms such as Cisco Talos, Kaspersky, and Cyble. Despite extensive research, the identity of the actor behind GravityRAT remains unknown. In 2022, SpaceCobra launched a deceptive application named "Chatico," distributed via the website "chatico.co[.]uk." This app was used in a campaign similar to previous SpaceCobra initiatives, targeting specific individuals. According to ESET telemetry, users in India were among those targeted by the updated Chatico version of the RAT (Remote Access Trojan). In 2023, ESET reported that a Pakistan-based group, also tracked as SpaceCobra, used an updated version of the Android GravityRAT spyware to steal WhatsApp backup files and delete files on victim devices. The use of GravityRAT marks a shift in SpaceCobra's tactics, as it began focusing on Android platforms in 2020. The spyware is exclusively utilized by SpaceCobra for selected operations targeting specific individuals or groups. ESET researchers continue to monitor the group, providing indicators of compromise (IoCs) for this campaign. Despite these efforts, the threat actor behind GravityRAT, and therefore SpaceCobra, remains unidentified, highlighting the sophisticated nature of their operations and the challenges in tracking and mitigating such threats.
Description last updated: 2024-06-13T18:15:43.302Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Chatico is a possible alias for Spacecobra. Chatico is a malicious software (malware) that was discovered to be part of a targeted cyber threat campaign since June 2022. The malware, based on the OMEMO Instant Messenger app, was trojanized with GravityRAT, a notorious Android remote access trojan. The group behind this threat employed a fraud
3
GravityRAT is a possible alias for Spacecobra. GravityRAT is a notorious Trojan malware that has been used in various cyberattacks, including those targeting military systems. Initially designed for Windows, it has evolved over time to target Android devices as well. The malware uses stolen developer certificates to bypass security measures such
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Whatsapp
Spyware
Macos
Rat
Eset
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Spacecobra Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more