Tuesday , December 24 2024

BingeChat steals whatsApp backups

ESET researchers have identified an updated version of Android GravityRAT spyware being distributed as the messaging apps BingeChat and Chatico. GravityRAT is a remote access tool known to be used since at least 2015 and previously used in targeted attacks against India. Windows, Android, and macOS versions are available, as previously documented by Cisco TalosKaspersky, and Cyble. The actor behind GravityRAT remains unknown; we track the group internally as SpaceCobra.

Most likely active since August 2022, the BingeChat campaign is still ongoing; however, the campaign using Chatico is no longer active. BingeChat is distributed through a website advertising free messaging services. Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files. The malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app.

New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs

A newly discovered vulnerability called "G-Door" enables malicious actors to bypass Microsoft 365 security by exploiting unmanaged Google Docs accounts....
Read More
New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs

CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available

Adobe has issued urgent security updates for ColdFusion versions 2023 and 2021 to fix a critical vulnerability (CVE-2024-53961). This flaw...
Read More
CVE-2024-53961  Adobe alerts of critical ColdFusion bug with PoC exploit available

Splunk targets Bangladeshi market: Investing in local talent

Splunk, a unified security and observability platform turn its focuses on Bangladeshi market. On Monday (23 December) Splunk's local partner...
Read More
Splunk targets Bangladeshi market: Investing in local talent

Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code...
Read More
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE

For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65...
Read More
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future

Eight New ICS Advisories released by CISA

CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
Eight New ICS Advisories released by CISA

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
Authority Denies  Hacker claim ransomware attack on Indonesia’s state bank BRI

London-based company “Builder.ai” reportedly exposed 1.2 TB data

Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
London-based company “Builder.ai” reportedly exposed 1.2 TB data

(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall

Sophos has fixed three separate security vulnerabilities in Sophos Firewall.  The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such...
Read More
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)  Sophos resolved 3 critical vulnerabilities in Firewall

“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

A time-demanding workshop on "Cybersecurity Awareness and Needs Analysis" was held on Thursday (December 19) at Bangladesh Bank Training Academy...
Read More
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

The creation of WhatsApp backups is intended to facilitate the migration of users’ message history, media files, and data to different or new devices.

While it’s crucial to be aware that these backups may include unencrypted sensitive data like:-

  • Text
  • Video
  • Photos
  • Documents

Key points:

  • A new version of Android GravityRAT spyware being distributed as trojanized versions of the legitimate open-source OMEMO Instant Messenger Android app.
  • The trojanized BingeChat app is available for download from a website that presents it as a free messaging and file sharing service.
  • This version of GravityRAT is enhanced with two new capabilities: receiving commands to delete files and exfiltrating WhatsApp backup files.

 

Check Also

AI

AI-made nude images incident, one school, 50 female victim

Nearly half of the high school’s female students were victimized in AI based deepfake the …

Leave a Reply

Your email address will not be published. Required fields are marked *