GravityRAT, an Android malware that goes after your WhatsApp backups


The latest version of GravityRAT comes with notable improvements, including the ability to steal WhatsApp backup files

Android is undoubtedly one of the most popular operating systems, given the large number of mobile devices on which it runs. Beyond that, much of its popularity is probably due to the fact that it is open source, which allows enthusiasts and developers to bring the system to a wide range of hardware devices.

Setting that aside, the reason for mentioning Android's large market presence is that it has also become one of the main targets for attackers: it is not uncommon to hear about applications being removed from the Play Store for security reasons, or about threats being detected that put user data at risk.

Such is the case of GravityRAT, a malware that has existed on Android for many years; this well-known spying Remote Access Trojan (RAT) has been used on various occasions to steal data from victims.

In this case, the ESET team detected GravityRAT inside a chat app called "BingeChat". The malware tries to steal data from victims' devices and has the ability to steal WhatsApp backup files.

As many of you know, WhatsApp backups are created to help users transfer their message history, media files, and data to new devices. They can contain sensitive data such as text, videos, photos, documents, and more.

The BingeChat application claims to be an end-to-end encrypted chat service with a basic interface but advanced functions. It is mainly distributed through its official site and other third-party distribution channels, but the download is invitation-based.

Users who installed BingeChat did not notice anything "strange" in the permissions the application requested, since it asks for access to contacts, location, phone, SMS, storage, call log, camera and microphone: permissions that look risky but are in fact normal for an instant messaging service.

Once the BingeChat app is installed, GravityRAT immediately starts sending call logs, contact lists, SMS messages, device location and basic device information to the attacker's command and control server.

It also steals all files and documents, including those with the crypt32 extension, since they may contain sensitive data of interest. These extensions mainly correspond to WhatsApp Messenger backups, which the malware can even delete.

GravityRAT can receive commands to delete all contacts, all call logs and all files with a specific extension.

ESET says the app was delivered via "bingechat.net" and possibly other domains or distribution channels, but the download is invitation-based, requiring visitors to enter valid credentials or register a new account.

Although registrations are currently closed, this method lets the operators distribute the malicious application only to specific people, which also makes it more difficult for researchers to obtain a sample for analysis.

Finally, it is worth mentioning that although this GravityRAT campaign targets users in India, that does not mean others are exempt. As always, Android users should be careful, take the necessary precautions and, above all, refrain from downloading APKs from unofficial sites.

Users should also be careful about granting excessive or unnecessary permissions when installing any app. In the case of BingeChat, the requested permissions can seem normal for an instant messaging app, which makes it difficult for users to recognize suspicious behavior. Even so, reviewing and evaluating the permissions an app requests before granting them is essential.

On this point, it is worth mentioning that the latest versions of Android let you review the permissions an app has been granted: just open the application's permissions section and disable those you consider unnecessary for that application.
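As a defender-side complement to the permission review recommended above, here is an added example (not code from the article or from ESET) that parses the output of `adb shell dumpsys package <pkg>` and reports which of the data categories listed for BingeChat an installed app can currently reach. The mapping from categories to Android permission names and the dumpsys excerpt are constructed for the example.

```python
import re
from typing import Dict, List

# Data categories the article lists for BingeChat; individually normal for a
# messenger, together they cover everything GravityRAT exfiltrates. (Assumed mapping.)
MESSENGER_STYLE_PERMS: Dict[str, str] = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "phone",
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}

def parse_granted_permissions(dumpsys_text: str) -> Dict[str, bool]:
    """Map each permission in `dumpsys package` output to its granted state.
    Lines look like '  android.permission.READ_SMS: granted=true, flags=[ ... ]'."""
    pattern = r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)"
    return {m.group(1): m.group(2) == "true"
            for m in re.finditer(pattern, dumpsys_text, re.MULTILINE)}

def reachable_data(dumpsys_text: str) -> List[str]:
    """Sorted data categories the app can access right now, i.e. what a
    GravityRAT-style implant bundled with it could collect."""
    granted = parse_granted_permissions(dumpsys_text)
    return sorted(label for perm, label in MESSENGER_STYLE_PERMS.items()
                  if granted.get(perm, False))

# Constructed dumpsys excerpt for a hypothetical package; not real device data.
SAMPLE_DUMPSYS = """\
  Package [com.example.chat] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
      android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    import sys
    # Pipe `adb shell dumpsys package <pkg>` into this script, or run it alone to analyse the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DUMPSYS
    print("App can currently reach:", ", ".join(reachable_data(text)) or "nothing listed")
```

Anything reported that the app has no plausible need for is a candidate for revoking in the permissions section described above.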

