Your WhatsApp backup data, and other sensitive information you'd hate to have snatched, is jeopardy if you have certain chat apps on your Android phone. ESET researchers discovered a revamped version of GravityRAT spyware embedded in two messaging platforms.
This campaign was likely ongoing since August 2022. On the plus side, the campaign for one app is no longer active, but the campaign for the other is "still going," according to an ESET report.
Which two apps are infected with GravityRAT spyware?
Free chat apps BingeChat and Chatico are infected with GravityRAT spyware; they've been masquerading as platforms with messaging functionality to lure users into their traps. The BingeChat campaign is still a threat, but Chatico is now inactive.
ESET researchers spotted the website where one could download BingeChat (it was never available via the Google Play Store). Interestingly, investigators noticed that registration is required to download the malicious app.
Funnily enough, registrations were closed when ESET was investigating BingeChat. The researchers suspect that the bad actors only open registration when a victim of a specific IP address, geolocation and other identifying features shows up. "We believe that potential victims are highly targeted," the ESET report said.
As it turns out, BingeChat is a trojanized version of an open-source Android app called OMEMO Instant Messenger.
Chatico is underpinned by the same malicious code as the BingeChat app and was distributed via a website, too, that was communicated with a command-and-control server.
What can GravityRAT do?
The updated GravityRAT malware discovered in both chat apps can steal users' WhatsApp backups. Plus, the malicious actors can remotely delete the files, too. This is on top of the fact that GravityRAT, known to be used since 2015, can snatch device information (e.g., IMEI, IP address, phone number, device location, etc.), contact lists, email addresses, and call and text logs.
If you have BingeChat or Chatico on your phone, the first order of business is to, of course, remove them from your phone immediately. Secondly, researchers warn against downloading apps outside of the Google Play Store, which is already a Wild, Wild West in and of itself. So imagine the the dangers that lurk in the dark corners of the internet without Google's security vetting.
Be sure to download one of the best mobile antivirus apps to keep your Android device safe from malicious apps that may attempt to wreak havoc on your phone. (Bitdefender is a good one.)
