Pakistani Hackers Target Indian Users Via WhatsApp

Written by Senoria Khursheed

As we know, cyber war is at its peak these days, both within the country and internationally. Hackers from different countries are also targeting military and other government agencies and their information.

However, in the ongoing cyber war between India and Pakistan, the latest news reveals that Pakistani hackers are trying to target Indian users through WhatsApp. This time the hackers are very active, and their focus is on WhatsApp backups and other sensitive data of Indian users.

The latest GravityRAT malware variant targets Android devices and steals WhatsApp chat backups. The researchers shared a detailed technical analysis of this malware and the BingeChat campaign in their report.
At this time, it is unclear who the threat actors responsible for this malware are. However, GravityRAT’s creators are identified by ESET as the SpaceCobra group.

It is still not known how the attackers contact their potential targets, even though the recent campaign appears to be ongoing. As the app doesn’t exist on the Google Play Store, the attackers may entice potential victims to download it from their domain using other methods.

The hacking group is known by the name SpaceCobra and is responsible for developing an instant messaging program that extracts private data from targeted devices. The threat actors are very focused, which indicates their clear objective.

The Sophisticated GravityRAT Malware

The GravityRAT (Remote Access Trojan) malware was recently discovered by cybersecurity researchers at ESET in two messaging programs, BingeChat and Chatico, that appeared to be innocent. It steals call logs, contact lists, SMS messages, device location, and other basic device information from compromised endpoints.

Additionally, it targets particular file extensions for images, photographs, and documents. Its distribution method sets GravityRAT apart from typical malware apps found on app stores.

BingeChat and Chatico cannot be downloaded from any official platform. Instead, users must visit a specific website and create an account to acquire these applications. This task is deliberately challenging and adds a layer of difficulty to the infection process, making the campaign harder to detect and combat.

Pakistani Hackers Targeting Indian Users

According to the experts at ESET, most victims targeted in this campaign are from India, aligning with the country’s widespread use of WhatsApp. The threat actors behind SpaceCobra, based in Pakistan, have exhibited comprehensive targeting by applying a deliberate and selective approach.

However, their website doesn’t allow registration, which may indicate that they only attack specific locations or IP addresses. Given that the campaign has been running for more than a year, it is essential to note that the threat actors have been persistent in their efforts.

Alas, one thing that always saves users from such threats is to avoid downloading apps.


