Welcome to SecureXplore, your gateway to the exciting world of cyber security. In this blog, we embark on a journey to explore the ever-evolving landscape of digital security, equipping you with the knowledge and tools to navigate this dynamic realm with confidence. Through our comprehensive articles, expert insights, and practical tips, we aim to empower individuals and businesses alike to fortify their defenses against cybercrime and vulnerabilities.
Saturday, March 2, 2024
New Version of Android GravityRAT Steals WhatsApp Backup Files
An updated variant of the Android GravityRAT malware has been discovered, targeting users through the BingeChat and Chatico messaging apps since August 2022. While the BingeChat campaign is still active, the Chatico campaign has ceased.
Campaign Overview: The malicious BingeChat app, distributed through the "bingechat[.]net" domain and potentially other channels, masquerades as a modified version of OMEMO IM—an authentic open-source instant messaging app for Android. The registration process for the malicious app is invite-based, requiring victims to provide valid credentials within a specified timeframe. Upon successful registration, BingeChat requests access to various permissions, including contacts, location, phone, SMS, storage, call logs, camera, and microphone.
Harmful Capabilities of GravityRAT: The latest iteration of GravityRAT spyware exhibits several harmful functionalities. It exfiltrates WhatsApp backups, deletes contacts, and erases call logs. Additionally, it steals media and document files in various formats, such as jpg, jpeg, log, png, PNG, JPG, JPEG, txt, pdf, xml, doc, xls, xlsx, and crypt32. The exfiltrated data is stored in text files on external storage media and transmitted to the command-and-control (C2) server before being removed from the victim's device.
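For defenders vetting a sideloaded chat app, the permission set and the delete/erase behaviour described above can be turned into a quick manifest triage. This is an added example, not code from the original post or from the researchers who analysed the malware; the mapping from the article's permission categories to Android permission strings is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: standard Android permissions standing in for the categories the
# article names. This is not the malware's actual manifest.
CATEGORIES = {
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "phone": {"READ_PHONE_STATE", "CALL_PHONE"},
    "SMS": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "call logs": {"READ_CALL_LOG", "WRITE_CALL_LOG"},
    "camera": {"CAMERA"},
    "microphone": {"RECORD_AUDIO"},
}
# Write access that would permit deleting contacts or erasing call logs.
DESTRUCTIVE = {"WRITE_CONTACTS", "WRITE_CALL_LOG"}

def requested_permissions(manifest_xml):
    """Return short permission names from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                names.add(name.rsplit(".", 1)[1])
    return names

def triage(manifest_xml):
    """Flag an app that covers every category or can modify contacts/call logs."""
    perms = requested_permissions(manifest_xml)
    hit = sorted(c for c, p in CATEGORIES.items() if p & perms)
    destructive = sorted(DESTRUCTIVE & perms)
    return {"categories": hit, "destructive": destructive,
            "review": len(hit) == len(CATEGORIES) or bool(destructive)}

def sample_manifest(perms):
    """Build a constructed manifest for the demo (not from a real APK)."""
    tags = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
            + tags + "</manifest>")

BROAD = sample_manifest(["READ_CONTACTS", "WRITE_CONTACTS", "ACCESS_FINE_LOCATION",
                         "READ_PHONE_STATE", "READ_SMS", "READ_EXTERNAL_STORAGE",
                         "READ_CALL_LOG", "WRITE_CALL_LOG", "CAMERA", "RECORD_AUDIO"])
NARROW = sample_manifest(["INTERNET", "CAMERA", "RECORD_AUDIO", "READ_CONTACTS"])

if __name__ == "__main__":
    print(triage(BROAD), triage(NARROW), sep="\n")
```

A `review` result is a prompt for closer inspection of the app and its distribution source, not a verdict; legitimate messaging apps can also request several of these permissions.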