GravityRAT has morphed from a Windows-only attack campaign into a legitimate and dangerous threat to both Android and macOS devices…
Since 2015, a malware exploit known as GravityRAT, a Remote Access Trojan, has been targeting Windows machines. But, over the last couple of years, it’s started infecting Android mobile devices. Now, it’s also threatening the Mac operating system. What’s more, it now comes in ten different versions, all of which are in full circulation, out in the wild, to claim as many victims as possible.
GravityRAT Malware Now Infecting Android and Mac Devices
Security experts warn the reason for the variations are simple — to maximize exploits with the biggest track record of success. Threat actors are now using digital signatures within their malicious applications. These make them appear genuine by realistically imitating authentic pieces of software. In other words, they’re disguised as the real thing, which effectively fools consumers.
One GravityRAT module posing as a legitimate Android app can steal user data, including email addresses, SMS messages, call logs, contact lists, as well as documents. So, the threat is serious. Tatyana Shishkova, a security expert at Kaspersky, explains:
“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities. Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the [Asia-Pacific] region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible.”