GravityRAT- Researchers Found macOS And Android Malware

Android MacOS Malware
Android MacOS Malware

Cybersecurity researchers found macOS, Android Malware in application.

This malware is capable of retrieving your contact lists, call logs, email address, and SMS from your device.

Previously Active in Windows

GravityRat is not a new malware, in 2018, the cybersecurity researchers at Cisco Talos published an overview of the developments of GravityRAT. It had been used in targeted attacks against Indian military services. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. According to Kaspersky’s data, the campaign has been active since at least 2015, focusing mainly on Windows operating systems. A couple of years ago, however, the situation changed, and the group added Android to the target list.

How it works?

According to researchers, more than 10 versions of GravityRAT were found, being distributed under the guise of legitimate applications, such as secure file sharing applications that would help protect users’ devices from encrypting Trojans, or media players. Used together, these modules enabled the group to tap into Windows OS, MacOS, and Android.

Kaspersky researchers found the malicious module inserted in a travel application for Indian users. A closer look revealed that it was related to GravityRAT, a espionage Remote Access Trojan (RAT) known for carrying out activities in India.

TravelMate
Screenshot TravelMate – A Malicious App : Source Kaspersky

What malicious modules can do?

Once it installed the malware could received commands from the server, and the modules can retrieve device data, contact lists, email addresses, call logs, and SMS messages. Some of the Trojans were also searching for files with .jpg, .jpeg, .log, .png, .txt, .pdf, .xml, .doc, .xls, .xlsx, .ppt, .pptx, .docx, and .opus extensions in a device’s memory to also send them to the C&C.

“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities,” said Tatyana Shishkova, security expert at Kaspersky. “Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the APAC region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible.”

Also Read: Metasploit Tutorial – How To Write Auxiliary Module?

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

Tags from the story
,
More from Priyanshu Sahay

Wi-Fi Network Not Secure in Windows 10

Now, Windows 10 will show you a warning message, if they are...
Read More