
A Windows-based remote access Trojan believed to have been developed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year hiatus, retooled with capabilities to target Android and macOS devices.

According to cybersecurity firm Kaspersky, the malware, dubbed "GravityRAT", now masquerades as legitimate Android and macOS apps in order to capture device data, contact lists, e-mail addresses, and call and text logs, and to transmit them to an attacker-controlled server.

First documented by the Indian Computer Emergency Response Team (CERT-In) in August 2017 and subsequently by Cisco Talos in April 2018, GravityRAT has been known to target Indian entities and organizations via malware-laced Microsoft Word documents since at least 2015.

Noting that the threat actor developed at least four different versions of the espionage tool, Cisco said, “the developer was clever enough to keep this infrastructure safe, and not have it blacklisted by a security vendor.”

Then last year, it emerged that Pakistani spies used fake Facebook accounts to reach out to more than 98 officials from various defence forces and organizations, such as the Indian Army, Air Force, and Navy, and trick them into installing the malware disguised as a secure messaging app called Whisper.
