Since August 2022, it has been discovered that an updated version of the Android GravityRAT has been disseminated through the chat services BingeChat and Chatico. The Chatico campaign is no longer running while the BingeChat campaign continues. Researchers claim that “bingechat. Researchers claim that the malicious BingeChat programme is disseminated through “bingechat[.]net” and maybe other sites or channels.
Even though the GravityRAT campaign’s perpetrators are still unknown, ESET researchers believe SpaceCobra to be the entity behind it. The threat actor is thought to be based in Pakistan and has a history of strikes against Indian military personnel. It is a trojanized version of the trusted open-source Android instant chatting app OMEMO IM.