SpaceCobra Group Goes After WhatsApp Backups Using Android Spyware GravityRAT

ESET researchers have identified an updated version of the Android-based GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT is a remote access tool previously used in targeted attacks against users in India; Windows, Android, and macOS versions of the spyware exist. The actor behind GravityRAT remains unknown; ESET Research tracks the group under the name SpaceCobra. Most likely active since August 2022, the BingeChat campaign is still ongoing. In the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files. The malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app.

Just as in previously documented SpaceCobra campaigns, the Chatico campaign targeted a user in India. The BingeChat app is distributed through a website that requires registration, likely open only when the attackers expect specific victims to visit, possibly with a particular IP address, geolocation, custom URL, or within a specific timeframe. In any case, the campaign is very likely highly targeted.

“We found a website that should provide the malicious app after tapping the DOWNLOAD APP button; however, it requires visitors to log in. We didn’t have credentials, and registrations were closed. It is most probable that the operators only open registration when they expect a specific victim to visit, possibly with a particular IP address, geolocation, custom URL, or within a specific timeframe,” says ESET researcher Lukáš Štefanko, who investigated the malicious apps. “Although we couldn’t download the BingeChat app via the website, we were able to find a distribution URL on VirusTotal,” he adds. The malicious app has never been made available in the Google Play store.

ESET Research does not know how potential victims were lured to, or otherwise discovered, the malicious website. Considering that downloading the app is conditional on having an account and new account registration was not possible during the investigation, ESET believes that potential victims were specifically targeted.

The group behind the malware remains unknown, even though Facebook researchers attribute GravityRAT to a group based in Pakistan, as previously speculated by Cisco Talos. ESET tracks the group under the name SpaceCobra, and attributes both the BingeChat and Chatico campaigns to this group. As part of the app’s legitimate functionality, it provides options to create an account and log in.

Before the user signs into the app, GravityRAT starts to interact with its C&C server, exfiltrating the device user’s data and waiting for commands to execute. GravityRAT is capable of exfiltrating call logs, contact lists, SMS messages, device locations, basic device information, and files with specific extensions for pictures, photos, and documents. This version of GravityRAT has two small updates compared to previous, publicly known versions of GravityRAT: exfiltrating WhatsApp backups and receiving commands to delete files.

WhatsApp Trials AI Image Generator

Calling all creative minds! WhatsApp is testing a new feature that uses AI to generate personalized avatars. Imagine yourself as a superhero, chilling on a beach, or even exploring space – the possibilities are endless! WABetaInfo discovered this feature in the latest Android beta update.

Here’s the tech behind the magic: a combo of user images, text descriptions, and Meta’s powerful AI, Llama. “Take photos of yourself once, then imagine yourself in any setting from the forest to outer space,” reads the screenshot on WhatsApp. The way it works is in the Meta AI Chat: users can type “Imagine in…” or “@Meta AI imagine me…” as a text prompt. A user’s likeness will then be used to generate the personalized image.

While there’s no official release date yet, this exciting feature is entirely optional. It joins the recently launched in-app custom sticker maker, showcasing WhatsApp’s commitment to fostering creativity within the app. This, alongside their ongoing development of AI chat functionalities, highlights Meta’s focus on making WhatsApp a platform that embraces both technological innovation and user expression.

YouTube’s New Eraser Tool Now Removes Songs Without Ruining Your Videos

Good news for creators! YouTube has rolled out a major update to its eraser tool, allowing them to effortlessly remove copyrighted music from their videos without sacrificing other audio elements like dialogue or sound effects.

In a recent video, YouTube acknowledged that the previous version of the tool needed improvement in terms of accuracy. This new iteration addresses that concern by utilizing an AI-powered algorithm that precisely detects and removes unwanted songs while leaving the rest of the audio intact.

However, YouTube’s support page advises creators that the algorithm might not always achieve perfect separation. As an alternative, creators can opt to “Mute all sound in the claimed segments,” effectively silencing any portions potentially containing copyrighted material.

Once the edit is finalized, YouTube automatically removes the content ID claim, a system designed to identify the use of copyrighted material within videos on the platform. This allows creators to proceed with their uploads without copyright concerns.

Telegram’s 30-Engineer Staff Worries Security Experts

A recent interview clip featuring Telegram founder Pavel Durov has gone viral, sparking concerns among security experts. In the video, Durov highlights his company’s “super efficiency” by stating he’s the sole product manager and employs “about 30 engineers.”

However, experts view this as a red flag. Matthew Green, a cryptography expert from Johns Hopkins University, points to Telegram’s lack of default end-to-end encryption and servers located in the UAE as vulnerabilities. Unlike Signal or WhatsApp, Telegram requires users to manually activate “Secret Chat” for secure communication. Additionally, Telegram’s use of a proprietary encryption algorithm raises doubts about its overall security.

Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, emphasizes that Telegram goes beyond messaging. “It’s a social media platform holding vast amounts of user data, including unencrypted communications,” she says.

Galperin argues that a small team like Telegram’s struggles to handle legal requests, manage abuse, and moderate content effectively. She further questions the “quality” of the 30 engineers and suggests attackers might find this understaffing advantageous. In essence, experts doubt Telegram’s ability to effectively combat cyber threats, particularly from well-resourced actors, given its limited workforce.

Cybersecurity expert SwiftOnSecurity ignited a firestorm last week on X, stating the immense cost of maintaining robust cybersecurity. “The numbers are staggering,” SwiftOnSecurity wrote, implying even major corporations likely fall short on security investments.

This raises significant concerns for Telegram, a platform boasting nearly one billion users, including cryptocurrency enthusiasts, activists, and those prone to spreading misinformation. These factors make Telegram a prime target for both malicious actors and government surveillance. Yet, based on recent statements by founder Pavel Durov, Telegram appears to dedicate minimal resources to cybersecurity – potentially with just a handful of dedicated personnel.

Durov’s claim of a small team, coupled with the known challenges of maintaining top-tier security, suggests Telegram may be even less secure than experts previously thought. This raises questions about the platform’s suitability for users prioritizing data privacy and secure communication.
