GravityRAT: Back to Earth with Android, macOS Spyware

GravityRAT Spyware

GravityRAT pretends to be a legitimate application but is in reality an espionage tool that steals people’s information. The program retrieves personal data such as email addresses, contact lists, text messages and call logs, and can see certain file types. For the first time, the creators of this spyware have released Android and macOS versions. The remote access Trojan was first found by Kaspersky researchers around 2015. The developers’ focus has always been Windows OS. The first recorded change to the RAT’s program was in 2018, when it was changed to make it harder for cyber security to catch.

The researchers at Kaspersky have recently been noticing updated code in the RAT program. Further investigation of the development showed a complete overhaul of the program. The team behind the spyware is actively investing in making it work on multiple platforms. The first clue the Kaspersky researchers had that the RAT program was back came after malicious code was installed in an Android travel app on the Indian market. Closer inspection showed that the malware and GravityRAT have related code.

Further investigation showed that the Android spyware had modules from the RAT program. The Android malware was more complex than other Android spyware programs. There were over 10 apps with Trojan modules attached to them. Some were pretending to be media players or file-sharing programs. With these apps downloaded to one system, it creates a code to enter Windows OS, Android and macOS. After several years of investigation, the group behind GravityRAT is still investing in spyware. Between 2015 and 2018, 100 people in the police, defense and other departments were victims of this spyware. The expansion into Android means they aim to expand their victim pool. Cyber security changes with the times, but these malicious programs aren’t new. The people behind these attacks invest in already proven methods.

Cyber security changes often to stay ahead of malicious attacks. Recently, Cisco has been hard at work fixing severe bugs found in its Firepower Threat Defense and Adaptive Security Appliance software. One of the worst bugs found in the system can be set up with an illegal remote. Malicious attackers could set up cross-site forgery and deny service to customers. Most of the fatal flaws were in the Firepower Chassis Manager. Illegal remote access could completely cripple the customer’s devices. The fatal flaws were found to come from the system incorrectly handling large files on local systems. These attackers could even cause the customer’s devices to reload.
