GravityRAT Malware targets Mac and Android Users. Malware comes in all shapes and sizes that can copy, encrypt files or serve up annoying ads. Still, other malware work quietly in the background, mining this or that cryptocurrency using your computer’s processing power to do it.
GravityRAT is a different sort of malware that targets Mac and Android users. It has been active development since at least 2015 by Pakistani hacker groups and has been used primarily against India’s military installations. As such, it’s not the sort of malware your IT staff is likely to have a face to face encounter with unless you’re doing contract work with the Indian military. It is interesting, however, and worth taking a closer look.
GravityRAT design is primarily to check the CPU temperature of Windows-based machines and to detect the presence of sandboxes or virtual machines so that its controllers would know what type of environment they were operating in.
Recently, security researchers at Kaspersky Lab discovered new strains of GravityRAT with designs to work on both Android and Apple Mac devices. The GravityRAT development team has also been quietly updating the capabilities of their malicious code.
As of the latest build, in addition to the two things above, the malware can:
- Generate a list of a running process
- Log keystrokes
- Get basic system information
- Take screenshots at predefined intervals
- Scan ports
- Conduct searches for certain file extensions
- Execute arbitrary shell commands
Out of all these, it is the last one that makes GravityRAT genuinely dangerous, as there is any number of exploits the hackers could use here. The team is building toward a specific goal, but so far, we can only guess at what that goal might be.
In any case, the designs of GravityRAT are much more robust than anything that’s come before it, and it’s a good bet that the team is getting close to whatever finish line they are setting for themselves. After that, there’s no telling what they might use their new tool.