This virus gets into WhatsApp, spies and steals all photos and videos, including sexual ones

Malware may spy on WhatsApp: it steals private videos and photos. (Freepik)

The research team at ESET, a company dedicated to proactive threat detection, has found a new version of GravityRAT, malware designed specifically for Android devices that can locate and steal users' photos and videos, including sexual content.

This malware is spread through malicious messaging apps named BingeChat and Chatico; variants of GravityRAT also exist for Windows, Android, and macOS.

Active since at least 2015, the SpaceCobra group has now extended the malware's functionality to steal WhatsApp Messenger backups and to receive commands to delete files. This campaign uses messaging apps as a lure.

“We had no credentials and the logs were locked. Most likely, the operators behind this campaign will only open the log when they expect a specific victim to visit the site, perhaps through a specific IP address, geolocation, custom URL, or over a specific period of time,” said Camilo Gutiérrez Amaya, Head of ESET Research Lab Latin America.


After launch, the app asks the user to enable all the permissions it needs to work properly. Except for the permission to read call logs, the required permissions are typical of any messaging app.

The app then offers options to create an account and log in. Before the user even opens their profile in the app, GravityRAT starts communicating with its command-and-control server, exfiltrating user data from the device and waiting for commands to execute.


It is able to leak:


– Call logs

– Contact list

– SMS messages

– Files with specified extensions: jpg, jpeg, log, png, PNG, JPG, JPEG, txt, pdf, xml, doc, xls, xlsx, ppt, pptx, docx, opus, crypt14, crypt12, crypt13, crypt18, crypt32

– Device location

– Basic device information

The stolen data is stored in text files on external storage, then uploaded to the server and finally deleted. The malware can also receive commands to delete specific files on the device; such commands are very unusual in Android malware.
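An exposure-triage helper based on the file-collection rule described above, added here as an example (it is not ESET's code or the implant's). Given a listing of files on a device's external storage, it reports which files fall inside the extension set the article lists, grouped into categories I assume for the report; matching is case-sensitive on the assumption that the implant matches names literally, since the article lists lowercase and uppercase variants (jpg/JPG, png/PNG) separately.

```python
"""Triage which files on a device the GravityRAT collection rule would pick up."""
from collections import defaultdict
from pathlib import PurePosixPath

# Extension set exactly as listed in the article (case-sensitive, as listed).
TARGET_EXTENSIONS = {
    "jpg", "jpeg", "log", "png", "PNG", "JPG", "JPEG", "txt", "pdf", "xml",
    "doc", "xls", "xlsx", "ppt", "pptx", "docx", "opus",
    "crypt14", "crypt12", "crypt13", "crypt18", "crypt32",
}

# Coarse exposure categories for the report (assumed grouping, not from the article).
CATEGORY_OF = {
    **{e: "whatsapp_backup" for e in ("crypt12", "crypt13", "crypt14", "crypt18", "crypt32")},
    **{e: "image" for e in ("jpg", "jpeg", "png", "PNG", "JPG", "JPEG")},
    **{e: "document" for e in ("pdf", "xml", "doc", "xls", "xlsx", "ppt", "pptx", "docx", "txt")},
    "log": "log",
    "opus": "voice_note",
}


def triage(paths):
    """Return {category: [paths]} for every file the collection rule would collect."""
    exposed = defaultdict(list)
    for p in paths:
        ext = PurePosixPath(p).suffix.lstrip(".")   # last extension only, e.g. "crypt14"
        if ext in TARGET_EXTENSIONS:                 # assumption: literal, case-sensitive match
            exposed[CATEGORY_OF[ext]].append(p)
    return dict(exposed)


# Constructed sample listing (not real victim data).
SAMPLE_LISTING = [
    "/sdcard/WhatsApp/Databases/msgstore.db.crypt14",
    "/sdcard/WhatsApp/Databases/msgstore-2023-05-01.1.db.crypt12",
    "/sdcard/DCIM/Camera/IMG_0001.jpg",
    "/sdcard/Pictures/screen.Png",   # mixed case: not in the listed set
    "/sdcard/Download/contract.docx",
    "/sdcard/WhatsApp/Media/WhatsApp Voice Notes/PTT-01.opus",
    "/sdcard/Music/track.mp3",       # outside the set
]

if __name__ == "__main__":
    for category, files in sorted(triage(SAMPLE_LISTING).items()):
        print(f"{category}: {len(files)} file(s)")
        for f in files:
            print("   ", f)
```

Run against a real `find /sdcard -type f` listing, the output tells a responder what a compromise would have exposed, with the WhatsApp backup databases being the most sensitive category.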

Older Android versions of GravityRAT could not receive commands; they could only upload the extracted data to one of their servers at any time.

“We do not know how potential victims were lured to the malicious website or how they discovered it. Bearing in mind that the ability to download the application is conditional on obtaining an account and that it was not possible to register a new account at the time of the analysis, we believe that the victims of this campaign were specially selected,” the researcher stated.

The group behind the malware uses code from the legitimate instant messaging app OMEMO to provide chat functionality in the malicious messaging apps BingeChat and Chatico.

Likely active since August 2022, according to the researchers, the BingeChat campaign is still running, while the Chatico campaign is no longer active. Based on the name of the APK file, the malicious app presents itself as BingeChat and claims to provide messaging functionality.

The researchers found the website that distributes the sample and from which the malicious app is meant to be downloaded after the sign-up process, but it requires visitors to log in, so they consider the potential victims highly targeted.


According to the research team, the malicious application was never available on the Google Play Store. It is a malicious copy of the legitimate Android app OMEMO Instant Messenger (IM), rebranded as BingeChat. OMEMO IM is itself a rebuilt version of an existing Android chat client.


Data exfiltration occurs when confidential information is removed or stolen from a system or device without authorization. This can happen in a number of ways, such as file theft or the use of malware. It is a serious problem because it puts privacy and information security at risk; cybercriminals usually do it to commit fraud or extortion.

Lovell Loxley
