Windows GravityRAT Malware Now Also Targets macOS and Android Devices (October 2020)
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices.
According to cybersecurity firm Kaspersky, the malware - dubbed "GravityRAT" - now masquerades as legitimate Android and macOS apps to capture device data, contact lists, e-mail addresses, and call and text logs and transmit them to an attacker-controlled server.
First documented by the Indian Computer Emergency Response Team in August 2017 and subsequently by Cisco Talos in April 2018, GravityRAT has been known to target Indian entities and organizations via malware-laced Microsoft Office Word documents at least since 2015.
Even as the latest evolution of GravityRAT goes beyond anti-malware evasion capabilities to gain multi-platform support - including Android and macOS - the overall modus operandi remains the same: sending targets links to booby-trapped Android and macOS apps to distribute the malware.
"Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities," Kaspersky's Tatyana Shishkova said.