Woburn, MA – Octo– Kaspersky has identified a previously unknown piece of Android spyware. Researchers found the malicious module inserted in a travel application for Indian users. A closer look revealed that it was related to GravityRAT, a spying Remote Access Trojan (RAT) known for carrying out activities in India. Further investigation confirmed that the group behind the malware had invested effort into making it into a multiplatform tool. In addition to targeting Windows operating systems, it can now be used on Android and MacOS.

In 2018, cybersecurity researchers published an overview of the developments of GravityRAT. The tool had been used in targeted attacks against Indian military services. According to Kaspersky’s data, the campaign has been active since at least 2015, focusing mainly on Windows operating systems. A couple of years ago, however, the situation changed, and the group added Android to the target list.

The identified module is further proof of this change, and there are a number of reasons why it doesn’t look like a typical piece of Android spyware. For one, a specific application has to be selected to carry out malicious purposes, and the malicious code – as is often the case – is not based on the code of previously known spyware applications. This motivated Kaspersky researchers to compare the module with already known APT families.

Analysis of the command and control (C&C) addresses the module used revealed several additional malicious modules, also related to the actor behind GravityRAT. Overall, more than 10 versions of GravityRAT were found, being distributed under the guise of legitimate applications, such as secure file sharing applications that would help protect users’ devices from encrypting Trojans, or media players. Used together, these modules enabled the group to tap into Windows OS, MacOS, and Android.