.jpg)
According to ESET researcher Lukas Stenfanko who examined a sample after getting a tip from MalwareHunterTeam, it was found that one of the noteworthy new features seen in the most recent GravityRAT version is the ability to collect WhatsApp backup files.
GravtiRAT
A remote access tool called GravityRAT has been used in targeted cyberattacks on India since at least 2015 and is known to be in use. There are versions for Windows, Android, and macOS, as previously reported by Cisco Talos, Kaspersky, and Cyble. However it is still unknown who is the actor behind GravityRAT, the group has been internally defined as SpaceCobra.
Although GravityRAT has been active since at least 2015, it only began specifically focusing on Android in 2020. Its operators, ‘SpaceCobra,’ only employ the malware in specific targeting tasks.
Current Android Campaign
According to ESET, the app is delivered via “bingechat[.]net” and other domains or distribution channels, however, the downloads require invites, entering valid login information, or creating a new account.
While registrations are currently closed, this method only enables the threat
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: