ESET revealed in a press release the actions of a group of hackers who attack your WhatsApp backups through other messaging applications.
ESET researchers have uncovered the actions of a hacker group called SpaceCobra, which has released messaging apps whose objective is to steal the data contained in the WhatsApp backups of their victims. These “reworked” versions of an open-source messaging app actually contain a variant of GravityRAT, a Remote Access Trojan (RAT). They are distributed on the web, and the hackers pass them off as legitimate Android apps.
According to ESET, the two Android apps containing GravityRAT are called BingeChat and Chatico. This malware rose to prominence in 2018 when it was used to target the Indian military. One of its characteristics is that it can lie dormant for a long time before stealing data or taking screenshots. Besides exfiltrating call logs, the contact list, SMS messages, and the device location, the spyware is also used to steal WhatsApp backups and can receive commands to delete files.
SpaceCobra hackers seek to steal victims’ WhatsApp backup data
According to the security company, SpaceCobra is targeting a few users in particular, if not just one. According to ESET, “the application BingeChat is distributed through a website that requires registration, likely opened only when attackers expect specific victims to visit, possibly with a particular IP address, geolocation, vanity URL, or within a specific time frame. In all cases, the campaign is very targeted.”
We do not know the exact identity of the members of SpaceCobra, but everything suggests that they are of Pakistani nationality. Of course, this malicious application is not available in the Google Play Store, which is good because experts recommend not downloading apps or software from unverified sources.