Post by habibkhan1 on Jan 8, 2024 23:46:51 GMT -6
Android is undoubtedly one of the most popular operating systems. Beyond the large number of mobile devices on which it is available, its great popularity is probably due to the fact that it is open source, which allows enthusiasts and developers to implement the program in many applications and machines. Leaving this part aside, the reason for saying that Android has a large presence in the market is that it has also become one of the main targets for many hackers, since it is not uncommon to hear about applications that are removed from the Play Store for security reasons or about threats being detected that put user data at risk.
Such is the case of GravityRAT, a malware that has been around for many years on Android and is known as a spying Remote Access Trojan (RAT) that has been used in various operations to collect data from victims. In this case, in which IwaleRAT was found by the ESET group in a chat application called "BingeChat", we mention that the malware tries to steal data from victim devices and has the ability to steal WhatsApp backup files. As many of you know, WhatsApp backups are created to help users transfer their message history, media files, and data to new devices. They can contain sensitive data such as text, videos, photos, documents, and more. The BingeChat app claims to be an end-to-end encrypted chat service with a basic interface but with advanced functions. It is primarily provided through the official site and other third-party distribution channels, but the download is also invitation-based.
Users who install BingeChat do not notice anything "strange" in the permissions requested by the application, because it requires permissions such as access to contacts, location, phone, SMS, storage, call log, camera and microphone, obviously dangerous but good for immediate sending. Once the BingeChat app is installed, GravityRAT takes immediate action, sending call logs, contact lists, SMS messages, device status and basic device information to the attacker's command and control server. In addition, all files and documents are stolen, even Crypt32, because they may contain sensitive data of interest. These extensions primarily refer to WhatsApp Messenger backups, which the malware can even delete. GravityRAT can receive commands to delete all your contacts, all call logs and all files with a specific extension. ESET says the app is delivered by "bingechat.net" and possibly other domains or distribution channels, but the download is invitation-based, requiring visitors to enter valid credentials or register a new account.