This devious malware now threatens Mac and Android users too
GravityRAT is more dangerous than first thought
A new strain of the GravityRAT malware, previously thought only to affect Windows machines, has crossed over to infect Android and macOS devices. The remote access trojan has been traced to Pakistani hacker groups and has been used to target Indian military services.
The malware has been active since at least 2015, but it is only within the last couple of years that it has begun targeting Android devices. Now it’s clear that GravityRAT, of which there are more than 10 different versions in circulation, can also affect devices running macOS.
“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities,” said Tatyana Shishkova, a security expert at Kaspersky. “Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the [Asia-Pacific] region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible.”
A RAT trap
A Kaspersky analysis of an Android travel app for the Indian market found that it contained a malicious module based on the GravityRAT malware. The module was capable of stealing user data, including email addresses, SMS messages, call logs, contact lists and documents.
Threat actors are also now including digital signatures within these malicious applications in order to make them appear legitimate. In some cases, the apps are designed to look like clones of authentic pieces of software.
Between 2015 and 2018, approximately 100 successful attacks were carried out using the GravityRAT malware, with numerous public sector workers tricked into downloading the trojan under the pretence that they were installing a secure messenger platform.
Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.