GravityRAT, a Windows-based remote access Trojan, has made a comeback after two years.
This time, it is said to have new capabilities geared to target Android and macOS devices. GravityRAT is believed to have originated with Pakistani hacker groups and was designed to steal user data.
According to Kaspersky, a cybersecurity firm, the malware is now disguised as a legitimate app for macOS and Android devices. It can capture device data, contacts, e-mail addresses, text messages, and call logs.
The malware was first spotted by the Indian Computer Emergency Response Team (CERT-In) in August 2017, and Cisco Talos reported on it in April 2018.
GravityRAT is said to have been targeting Indian entities through malware-laced MS Office Word documents since 2015.
According to Cisco, the developer behind the malware was able to keep its infrastructure from being blacklisted by any security vendor. To make that happen, the developer created four different versions of the tool.
In 2019, Pakistani spies are said to have used fake Facebook accounts to contact 98 officials at government organizations such as the Indian Army, Navy, and Air Force, and to have tricked them into installing the disguised malware on their systems.
GravityRAT may have been retooled to support macOS and Android devices, but its main goal remains the same: hide its malware inside legitimate-looking apps to steal data. These types of apps include file sharing tools, adult comics, media players, and more.
What is worse, Kaspersky said that the people behind GravityRAT are continuously investing in improving its capabilities.
Via: The Hacker News