A new strain of the GravityRAT malware, previously known to affect only Windows machines, now also infects Android and macOS devices. This remote access trojan, traced back to a Pakistani hacker group, was aimed at Indian military services.
This malware has been active since 2015, but within the past few years it has started targeting Android devices. There are more than 10 versions of GravityRAT, and it can also affect products running a Mac operating system.
“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities. Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the [Asia-Pacific] region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible,” Kaspersky security expert Tatyana Shishkova said.
A Kaspersky analysis of an Android travel app for the Indian market found that it included a malicious module based on the GravityRAT malware. This module can take users' data, including email addresses, SMS messages, call logs, contact lists and documents.
Hackers now also include digital signatures in these malicious applications to make them appear legitimate.
About 100 successful exploits took place via GravityRAT malware between 2015 and 2018, with multiple public sector workers misled into downloading the trojan with the false promise of installing a secure messenger platform.