Another day, another malware scare. This time, it’s targeting WhatsApp backups as well as some other sensitive data.

It comes from a hacking group called SpaceCobra, which has developed an instant messaging app that is able to steal a lot of sensitive information from the target device. It also appears that the threat actor knows exactly who they want to target, since researchers have been unable to download the app.

The news comes from ESET, whose cybersecurity researchers recently discovered that two messaging apps, called BingeChat and Chatico, were actually serving GravityRAT, a remote access trojan. The RAT is able to exfiltrate plenty of sensitive information from compromised endpoints, including call logs, the contact list, SMS messages, device location, basic device information and files with specific extensions for pictures, photos and documents.

The apps cannot be found in the Play Store either

This is a pretty sophisticated malware app. Typically, you can find apps like these in the Play Store and download them, but that’s not the case here. The apps cannot be found on the Play Store or in other app stores. Instead, they can only be downloaded by visiting a special website and opening an account.

Researchers from ESET could not open up an account on the site, as registrations were showing as “closed” when they visited. This leads the researchers to believe that the hackers are being very precise about who to attack, potentially looking at specific locations or IP addresses.

It appears that the majority of victims are from India, which sounds about right, since WhatsApp is very popular in that country. The attackers are also from Pakistan, and apparently the campaign has been active since last year.

So how can you protect yourself? Well, since this app needs you to register an account, do not register an account on any fishy-looking websites, especially one that wants your WhatsApp login credentials. That’s just asking for bad news.
