A Windows-based remote access Trojan believed to be created by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices.
According to cybersecurity firm Kaspersky, the malware, dubbed "GravityRAT", now masquerades as legitimate Android and macOS apps to capture device data, contact lists, e-mail addresses, and call and text logs and transmit them to an attacker-controlled server.
First documented by the Indian Computer Emergency Response Team (CERT-In) in August 2017 and subsequently by Cisco Talos in April 2018, GravityRAT has been known to target Indian entities and businesses via malware-laced Microsoft Office Word documents since at least 2015.
Noting that the threat actor developed at least four different versions of the espionage tool, Cisco said, "the developer was clever enough to keep this infrastructure safe, and not have it blacklisted by a security vendor."
Then last year, it emerged that Pakistani spies used fake Facebook accounts to reach out to more than 98 officials from various defence forces and organisations, such as the Indian Army, Air Force, and Navy, and trick them into installing the malware disguised as a secure messaging app called Whisper.
But even as the latest evolution of GravityRAT goes beyond anti-malware evasion capabilities to gain multi-platform support, including Android and macOS, the overall modus operandi remains the same: sending targets links to booby-trapped Android (e.g., Travel Mate Pro) and macOS applications (Enigma, Titanium) to distribute the malware.
Kaspersky said it identified over 10 versions of GravityRAT that were being distributed under the guise of legitimate applications by cross-referencing the command-and-control (C2) addresses used by the Trojan.
In all, the trojanized applications spanned the travel, file sharing, media player, and adult comics categories, catering to users of Android, macOS, and Windows, thereby enabling the attackers to obtain system information, documents with specific extensions, a list of running processes, log keystrokes and take screenshots, and even execute arbitrary shell commands.
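The cross-referencing Kaspersky describes, tying separately disguised apps back to one family because they share C2 infrastructure, is a standard analyst pivot. The following is an added example, not Kaspersky's tooling or anything from the article: given an inventory of samples and the C2 hosts extracted from each, it groups samples transitively by shared host. The sample names and `example.invalid` hosts are constructed placeholders, not GravityRAT indicators.

```python
"""Cluster malware samples by shared command-and-control (C2) addresses.

Added example (not Kaspersky's tooling). Sample names and C2 hosts below are
constructed placeholders, not real GravityRAT indicators.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Set


def cluster_by_c2(samples: Dict[str, Iterable[str]]) -> List[Set[str]]:
    """Group samples that share at least one C2 host, transitively.

    If A and B share a host and B and C share another host, A, B and C land
    in the same cluster. Implemented as union-find over sample names, joined
    through the hosts they contact. Host comparison is case-insensitive.
    """
    parent: Dict[str, str] = {name: name for name in samples}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps trees shallow
            x = parent[x]
        return x

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    # Index samples by normalised host, then union every sample per host.
    by_host: Dict[str, List[str]] = defaultdict(list)
    for name, hosts in samples.items():
        for host in hosts:
            by_host[host.strip().lower()].append(name)
    for members in by_host.values():
        for other in members[1:]:
            union(members[0], other)

    clusters: Dict[str, Set[str]] = defaultdict(set)
    for name in samples:
        clusters[find(name)].add(name)
    # Deterministic output: largest cluster first, ties broken by member names.
    return sorted(clusters.values(), key=lambda c: (-len(c), sorted(c)))


# Constructed inventory: disguise app name -> C2 hosts pulled from its config.
SAMPLE_C2: Dict[str, Set[str]] = {
    "travel-app.apk":   {"c2-a.example.invalid", "c2-b.example.invalid"},
    "media-player.exe": {"c2-b.example.invalid"},
    "file-share.dmg":   {"c2-c.example.invalid", "c2-a.example.invalid"},
    "comics-app.apk":   {"c2-z.example.invalid"},
    "chat-app.exe":     {"C2-Z.example.invalid"},  # same host, different case
    "unrelated.exe":    {"other.example.invalid"},
}


def cluster_report(samples: Dict[str, Iterable[str]] = SAMPLE_C2) -> List[Set[str]]:
    """Return the clusters for the constructed inventory (or a supplied one)."""
    return cluster_by_c2(samples)


if __name__ == "__main__":
    for i, cluster in enumerate(cluster_report(), 1):
        print(f"cluster {i}: {sorted(cluster)}")
```

On the constructed inventory this yields three clusters: the travel, media player and file-sharing apps are linked through two shared hosts, the comics and chat apps share one host spelled with different case, and the last sample stands alone. In practice the host list per sample would come from static config extraction or sandbox network captures, and the same pivot works on IPs, certificate fingerprints or registrant details.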
"Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities," Kaspersky's Tatyana Shishkova said.
"Crafty disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the APAC region, but this also supports the broader trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible."