In the ongoing cyber warfare between India and Pakistan, the latest development highlights the activities of Pakistani hackers targeting Indian users. These threat actors, operating under the name “SpaceCobra,” have been focusing on compromising WhatsApp backups and extracting critical data from targeted devices.
The Sophisticated GravityRAT Malware
Recently, cybersecurity researchers at ESET uncovered two seemingly innocent messaging applications called BingeChat and Chatico, which were found to distribute the GravityRAT remote access trojan (RAT). This advanced malware possesses the capability to extract various sensitive information from compromised endpoints, including call logs, contact lists, SMS messages, device location, and basic device information. It also targets specific file extensions for pictures, photos, and documents.
What sets GravityRAT apart is its distribution method. Unlike typical malware apps found on app stores, BingeChat and Chatico cannot be downloaded from any official platform. Instead, users must visit a specific website and create an account to acquire these applications. This deliberate complexity adds a layer of difficulty to the infection process, making the campaign harder to detect and combat.
Pakistani Hackers Targeting Indian Users with Precise Attacks
Researchers from ESET discovered that the majority of victims targeted in this campaign are based in India, aligning with the country’s widespread use of WhatsApp. The hackers behind SpaceCobra, originating from Pakistan, have shown a precise, deliberate and selective approach to targeting. Registration on their website is closed, suggesting they may target certain locations or IP addresses with their attacks. The campaign has been active for over a year, indicating a sustained effort by the threat actors.