GravityRAT Android Trojan Targets WhatsApp Backups and Deletes Files
GravityRAT, an Android remote access trojan, has resurfaced with an updated version that poses a serious threat to users’ data. Lukáš Štefanko, a researcher from ESET, discovered the trojan, which is capable of stealing WhatsApp backups and executing commands to delete files on infected devices.
Operating under the guise of messaging apps like BingeChat and Chatico, the trojan exfiltrates sensitive information from unsuspecting victims. By requesting permissions within seemingly legitimate apps, GravityRAT can access personal data such as contacts, SMS messages, call logs, files, location data, and even audio recordings without the user’s knowledge.
To distribute the trojan, the attackers employ rogue websites, bingechat[.]net and chatico[.]co[.]uk, which promote free messaging services. These apps are not available on Google Play, making it important for users to exercise caution when downloading applications from unknown sources.
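The two distribution domains named above can be checked against DNS query logs to spot devices that contacted them. The following is an added example, not code from the article or from ESET; the log format, client addresses and the subdomain in the sample lines are constructed for illustration.

```python
from typing import List, Optional, Tuple

# Defanged distribution domains exactly as written in the article.
DEFANGED_IOCS = ["bingechat[.]net", "chatico[.]co[.]uk"]

def refang(indicator: str) -> str:
    """Turn a defanged indicator ('a[.]b') into a plain lowercase hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")

IOC_DOMAINS = {refang(d) for d in DEFANGED_IOCS}

def matches_ioc(hostname: str) -> Optional[str]:
    """Return the listed domain that hostname equals or is a subdomain of."""
    host = hostname.strip().lower().rstrip(".")  # DNS names are case-insensitive
    for domain in IOC_DOMAINS:
        # Require a label boundary so 'notbingechat.net' and
        # 'bingechat.net.example.org' are not reported as hits.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def find_hits(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan lines of 'timestamp client qtype name' (assumed format)."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _qtype, name = fields
        ioc = matches_ioc(name)
        if ioc:
            hits.append((client, name, ioc))
    return hits

# Constructed sample log, not real telemetry.
SAMPLE_LOG = """\
2024-01-01T09:14:02Z 10.0.4.23 A bingechat.net.
2024-01-01T09:14:05Z 10.0.4.23 A dl.BingeChat.net
2024-01-01T09:15:11Z 10.0.4.31 AAAA chatico.co.uk
2024-01-01T09:16:40Z 10.0.4.40 A notbingechat.net
2024-01-01T09:17:02Z 10.0.4.40 A bingechat.net.example.org
2024-01-01T09:18:30Z 10.0.4.52 A www.google.com
"""

if __name__ == "__main__":
    for client, name, ioc in find_hits(SAMPLE_LOG):
        print(f"{client} queried {name} (matches {ioc})")
```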
The malicious apps employ various deceptive tactics, including assuming the identities of recruiters, military personnel, journalists, and individuals seeking romantic connections. These fictitious personas are created to build trust with potential targets, making them more likely to download and use the apps.
To protect against GravityRAT and similar threats, users are advised to take the following precautions:
Refrain from following suspicious cryptocurrency mining channels on platforms like Telegram.
Avoid clicking on links from unknown or untrusted sources.
Exercise caution when opening or downloading attachments, particularly if they were unexpected, as they could potentially carry Trojan malware.
Install reliable antivirus software on Windows, Android, and macOS devices to detect and mitigate potential threats.
By staying vigilant and employing these preventive measures, users can safeguard their devices and personal information from the GravityRAT Android Trojan’s detrimental effects.
Remember to always prioritize cybersecurity and remain cautious when interacting with unfamiliar apps or websites.