GravityRAT spyware comes into the spotlight once again after having expanded to infect macOS devices

The hackers behind the infamous spyware called GravityRAT have expanded their original code to include macOS and Android devices. This makes their malware more versatile in its hacking capabilities enabling it to infiltrate and extract information from all major mobile phones, tablets, and laptop operating systems. This raises concerns and allows researchers an insight into the mindset of hackers and trends in the world of cybercrime.

The GravityRAT program is a type of malware. Hackers usually hide this malware within legitimate and innocent-looking applications; once downloaded the malware program can begin to steal data. This type of malware is, cleverly named, trojan horse malware: the name is derived from the ancient Greek story of the deceitful Trojan horse. Trojan horse malware relies on the user downloading the fake application in order to be able to steal data.

Researchers from Kaspersky, a cybersecurity company headquartered in Moscow, have estimated that GravityRAT code has been around since 2015. Originally, it specialized in spying on Windows operating systems exclusively, and no new changes were seen in the programs code until 2018 when researchers noticed that the coding had been altered to make the program harder to detect by antivirus systems. This was the first sign that the hackers were more inclined to making key changes to existing programs that had been proven to work rather than creating and experimenting with new virus programs.

Recently, malware experts from Kaspersky again noticed upgraded pieces of GravityRAT code that indicated an upgrade of the program. Analysis of the code revealed that the hackers had updated the code to make it a multiplatform tool, meaning that GravityRAT was now not only limited to hacking into Windows operating systems but it could now infiltrate mac operating systems and Android operating systems. This makes GravityRAT extremely versatile, effective, and dangerous as these three operating systems are the most commonly utilized.

GravityRAT is used to steal device data, contact lists, email addresses, call logs and SMS messages, and various types of documents and files. When the vector application is installed, the malware is ready to start receiving commands from the origin server. The malware can retrieve system information, it can search for and upload files and removable discs, retrieve lists of running processes, and the list goes on.

GravityRAT has continued its standard victim list, mainly targeting people from India and in the Asia-Pacific region. Kaspersky believes that it is spreading now the same way as previous versions did from social media where individuals are sent links to applications containing the virus.


Previous Post Next Post