Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Laptop
Laptop
Technology
Kimberly Gedeon

Free chat apps were caught stealing users' WhatsApp data — delete them before you're next

Thief climbing out of phone with WhatsApp data

Your WhatsApp backup data, and other sensitive information you'd hate to have snatched, is jeopardy if you have certain chat apps on your Android phone. ESET researchers discovered a revamped version of GravityRAT spyware embedded in two messaging platforms.

This campaign was likely ongoing since August 2022. On the plus side, the campaign for one app is no longer active, but the campaign for the other is "still going," according to an ESET report.

Which two apps are infected with GravityRAT spyware?

Free chat apps BingeChat and Chatico are infected with GravityRAT spyware; they've been masquerading as platforms with messaging functionality to lure users into their traps. The BingeChat campaign is still a threat, but Chatico is now inactive.

ESET researchers spotted the website where one could download BingeChat (it was never available via the Google Play Store). Interestingly, investigators noticed that registration is required to download the malicious app.

BingeChat website (Image credit: ESET)

Funnily enough, registrations were closed when ESET was investigating BingeChat. The researchers suspect that the bad actors only open registration when a victim of a specific IP address, geolocation and other identifying features shows up. "We believe that potential victims are highly targeted," the ESET report said.

As it turns out, BingeChat is a trojanized version of an open-source Android app called OMEMO Instant Messenger. 

Chatico (Image credit: ESET)

Chatico is underpinned by the same malicious code as the BingeChat app and was distributed via a website, too, that was communicated with a command-and-control server.

What can GravityRAT do?

The updated GravityRAT malware discovered in both chat apps can steal users' WhatsApp backups. Plus, the malicious actors can remotely delete the files, too. This is on top of the fact that GravityRAT, known to be used since 2015, can snatch device information (e.g., IMEI, IP address, phone number, device location, etc.), contact lists, email addresses, and call and text logs.

If you have BingeChat or Chatico on your phone, the first order of business is to, of course, remove them from your phone immediately. Secondly, researchers warn against downloading apps outside of the Google Play Store, which is already a Wild, Wild West in and of itself. So imagine the the dangers that lurk in the dark corners of the internet without Google's security vetting.

Be sure to download one of the best mobile antivirus apps to keep your Android device safe from malicious apps that may attempt to wreak havoc on your phone. (Bitdefender is a good one.)

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.