Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Android Malware: GravityRAT Targets Devices

June 16, 2023
Reading Time: 2 mins read
in Alerts

 

Since August 2022, a new Android malware campaign has been spreading the latest version of GravityRAT, infecting mobile devices with a trojanized chat app called ‘BingeChat.’ The malware aims to steal data from victims’ devices, with one of its notable additions being the capability to steal WhatsApp backup files.

GravityRAT, operated by ‘SpaceCobra,’ has been active since at least 2015 and started targeting Android devices in 2020.

The trojanized chat app, ‘BingeChat,’ is presented as an end-to-end encrypted chat app with advanced features. The app is delivered through “bingechat[.]net” and requires invite-based registration, making it harder for researchers to analyze. GravityRAT’s operators have used similar tactics in the past, such as distributing malicious APKs through other chat apps like ‘SoSafe’ and ‘Travel Mate Pro.’

BingeChat requests risky permissions upon installation, including access to contacts, location, phone, SMS, storage, call logs, camera, and microphone. These permissions appear standard for messaging apps, making them less likely to raise suspicion.

Before registration, the app sends various data, including call logs, contacts, SMS messages, device location, and basic device information, to the threat actor’s command and control server. Additionally, the malware steals media and document files, including WhatsApp backups.

GravityRAT’s latest version also allows for commands from the command and control server to delete specific files, contacts, or call logs on the victim’s device.

While SpaceCobra’s campaigns are highly targeted, primarily focused on India, all Android users are advised to avoid downloading APKs from sources outside of Google Play and to exercise caution when granting permissions during app installation.

Reference:
  • Android GravityRAT goes after WhatsApp backups
Tags: AndroidCyber AlertCyber Alerts 2023GravityRATJune 2023MalwareRATRemote Access TrojansSpaceCobraVulnerabilitiesWhatsapp
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial