Kaspersky researchers found hints of GravityRAT spyware in Android and macOS

In 2017, the Indian Computer Emergency Response Team (CERT-In) discovered the GravityRAT spyware. It is believed to be operated by Pakistani hacker groups.

According to the latest news, GravityRAT appears to have made a comeback. Reports say the spyware has evolved over time and now supports multiple platforms.

GravityRAT has been known to exist since 2015. Previously it targeted only Windows PCs. Now, researchers at Kaspersky have found that the remote access trojan also affects Android and macOS.

The Android version of GravityRAT was first spotted in an altered version of an open-source travel app named Travel Mate. The attackers added malicious code to the app and released it under the name ‘Travel Mate Pro’. Using the same approach, the attackers also created an adult comics Android app to spread the malware.

The researchers have found this spyware on macOS too. On macOS, the malicious actors operate the malware through apps named Enigma and Titanium.

According to Kaspersky researchers, these are the reported capabilities of the GravityRAT spyware:

  1. Get information about the system
  2. Search for files on the computer and removable disks with the extensions .doc, .docx, .ppt, .pptx, .xls, .xlsx, .pdf, .odt, .odp, and .ods, and upload them to the server
  3. Get a list of running processes
  4. Intercept keystrokes
  5. Take screenshots
  6. Execute arbitrary shell commands
  7. Record audio (not implemented in this version)
  8. Scan ports

Kaspersky researchers have compiled a detailed list of the spyware's capabilities. Tatyana Shishkova, a security expert at Kaspersky, said: “Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the APAC region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible.”