Android, macOS Versions of GravityRAT Spyware Spotted in Ongoing Campaign

Kaspersky security researchers have identified versions of the GravityRAT spyware that are targeting Android and macOS devices.


Initially detailed in 2018, the RAT was previously employed in attacks targeting the Indian military, as part of a campaign that is believed to have been active since 2015. Targeting Windows systems, the tool has mainly been used for spying purposes.


In a report published on Monday, Kaspersky reveals that the malware’s authors have invested a lot into making their tool cross-platform, and that, as part of an ongoing campaign, both Android and macOS are now being targeted, in addition to Windows.


The investigation into the new samples has revealed over 10 variants of GravityRAT, which have been distributed masquerading as legitimate apps, including secure file sharing software and media players.


Spyware capabilities packed within GravityRAT allow the malware to retrieve device information, contact lists, call logs, email addresses, and SMS messages, and even to find and exfiltrate files based on extensions: .docx, .doc, .ppt, .pptx, .txt, .pdf, .xml, .jpg, .jpeg, .log, .png, .xls, .xlsx, and .opus.


The malware, which is believed to have been developed by a Pakistani group, is also capable of retrieving a list of running processes on the system, logging keystrokes, taking screenshots, executing shell commands, recording audio, and scanning for open ports.


“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities. Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the APAC region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible,” Tatyana Shishk ..
