The new GravityRAT Android malware campaign has been infecting mobile devices through a trojanized chat application called BingeChat. According to reports, this newly discovered campaign can steal data, including WhatsApp backup files, from the targeted device.
Researchers explained that the Android malware operators distribute GravityRAT through this application. BingeChat is advertised as an end-to-end encrypted chat application with a simple interface and advanced features.
The app is offered on several domains, such as bingechat[.]net. However, users can only download it after logging in with valid credentials or registering a new account on the domains that host it.
This gating lets the attackers deliver the malicious application only to chosen individuals; registration is currently closed. It also makes it difficult for researchers to obtain a sample of the application to analyse.
The app that carries GravityRAT asks for permissions that do not look suspicious.
After installation, BingeChat, the app that contains GravityRAT, asks the targeted individual for risky permissions. Among the confirmed permissions requested are access to contacts, location, call logs, camera, microphone, and SMS.
These permissions are standard for a messaging application, so users are unlikely to find anything suspicious about this newly emerged app.
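As an added example (not part of the original report, and not BingeChat's own code), the following Python script checks an Android manifest for the permission profile described above. The manifest below is a constructed sample; the permission strings are real Android constants. Because a genuine messaging app can legitimately request the same set, the script marks the combination for review rather than calling it malware, which is the right posture for a first-pass APK triage.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permission groups named in the report, mapped to the Android runtime
# ("dangerous") permissions that grant them. The strings are real constants.
WATCHED_GROUPS: Dict[str, Set[str]] = {
    "contacts": {"android.permission.READ_CONTACTS",
                 "android.permission.WRITE_CONTACTS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "call_logs": {"android.permission.READ_CALL_LOG",
                  "android.permission.WRITE_CALL_LOG"},
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "sms": {"android.permission.READ_SMS",
            "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
}

# Constructed sample manifest (assumption: not taken from the real BingeChat APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chatapp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> Set[str]:
    """Return every permission name declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names: Set[str] = set()
    for elem in root.iter("uses-permission"):
        # The name attribute lives in the android: namespace.
        name = elem.get("{%s}name" % ANDROID_NS)
        if name:
            names.add(name)
    return names


def watched_groups_hit(manifest_xml: str) -> Dict[str, List[str]]:
    """Map each watched group to the requested permissions that fall in it."""
    perms = requested_permissions(manifest_xml)
    hits: Dict[str, List[str]] = {}
    for group, members in WATCHED_GROUPS.items():
        found = sorted(perms & members)
        if found:
            hits[group] = found
    return hits


def triage(manifest_xml: str) -> str:
    """'review' when all six groups from the report are requested, else 'ok'.

    A legitimate messenger may request the same set, so this is a prompt
    for manual review (who published it, where it was downloaded from),
    not a malware verdict.
    """
    hits = watched_groups_hit(manifest_xml)
    return "review" if len(hits) == len(WATCHED_GROUPS) else "ok"


if __name__ == "__main__":
    for group, perms in watched_groups_hit(SAMPLE_MANIFEST).items():
        print(f"{group}: {', '.join(perms)}")
    print("verdict:", triage(SAMPLE_MANIFEST))
```

To run this against a real APK, extract the binary AndroidManifest.xml with a tool such as apktool (which decodes it to text XML) and pass the decoded file's contents to `triage`.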
Once BingeChat is installed, the embedded malware sends harvested information, such as call logs, contact list, SMS messages, device location and basic device details, to an attacker-controlled C2 server. It can also steal many types of media and document files from the device, including files whose extension matches WhatsApp Messenger backups.
Researchers also highlighted new capabilities GravityRAT has acquired. One is support for three commands received from the command-and-control server: delete all contacts, delete all files with specified extensions, and delete all call logs.
The threats posed by this new Android malware could affect many unsuspecting users worldwide. Android users should refrain from downloading APKs from unknown sources and be wary of granting risky permissions to suspicious apps.