Cybersecurity researchers found macOS, Android Malware in application.
This malware is capable of retrieving your contact lists, call logs, email address, and SMS from your device.
Previously Active in Windows
GravityRat is not a new malware, in 2018, the cybersecurity researchers at Cisco Talos published an overview of the developments of GravityRAT. It had been used in targeted attacks against Indian military services. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. According to Kaspersky’s data, the campaign has been active since at least 2015, focusing mainly on Windows operating systems. A couple of years ago, however, the situation changed, and the group added Android to the target list.
How it works?
According to researchers, more than 10 versions of GravityRAT were found, being distributed under the guise of legitimate applications, such as secure file sharing applications that would help protect users’ devices from encrypting Trojans, or media players. Used together, these modules enabled the group to tap into Windows OS, MacOS, and Android.
Kaspersky researchers found the malicious module inserted in a travel application for Indian users. A closer look revealed that it was related to GravityRAT, a espionage Remote Access Trojan (RAT) known for carrying out activities in India.
What malicious modules can do?
Once it installed the malware could received commands from the server, and the modules can retrieve device data, contact lists, email addresses, call logs, and SMS messages. Some of the Trojans were also searching for files with .jpg, .jpeg, .log, .png, .txt, .pdf, .xml, .doc, .xls, .xlsx, .ppt, .pptx, .docx, and .opus extensions in a device’s memory to also send them to the C&C.
“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities,” said Tatyana Shishkova, security expert at Kaspersky. “Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the APAC region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible.”