Pakistani Hackers Target Indian WhatsApp Users in Cyber War

Hamariweb  |  Jun 21, 2023

In the ongoing cyber warfare between India and Pakistan, Indian hackers have once again shown their prowess. However, it seems that the hackers from our own country are not far behind in this regard.

This time, Indian hackers have set their sights on compromising WhatsApp backups and extracting crucial information from Indian users.

The notorious hacking group responsible for these attacks goes by the name of SpaceCobra. Their latest tool is an instant messaging application designed to extract sensitive data from targeted devices.

What makes this cyber threat particularly alarming is the hackers’ precise targeting and clear objectives. As a result, security researchers have faced challenges in accessing and analyzing the application further.

ESET, a leading cybersecurity research firm, recently made a significant discovery related to two seemingly innocent messaging apps, BingeChat and Chatico. These apps were found to be distributing a remote access trojan (RAT) named GravityRAT.

GravityRAT is a highly sophisticated malware that can extract a wealth of sensitive information from compromised devices. This includes call logs, contact lists, SMS messages, device location, basic device details, as well as specific files like pictures, photos, and documents.

What sets this malware apart is its unconventional distribution method. Unlike typical malicious apps found on app stores like the Play Store, BingeChat and Chatico are not available for download from any app store.

To acquire these apps, users must visit a specific website and create an account. This adds an extra layer of complexity to the infection process, making it more challenging to detect and mitigate.

ESET researchers encountered a roadblock while trying to register on the website. Registrations were closed, indicating a deliberate and selective approach by the hackers. This observation suggests that the threat actors are likely targeting specific locations or IP addresses with their attacks.

Interestingly, the majority of victims identified in this campaign are based in India, which aligns with the country’s widespread use of WhatsApp.

The attackers themselves originate from Pakistan. It’s important to note that this campaign has been active for an extended period, indicating a sustained effort by the threat actors.

Cybersecurity concerns are rising. Indian users must stay vigilant and take precautions to protect their data. Updating apps, using strong passwords, and avoiding suspicious websites help mitigate cyber threats.
