Mac And Android Added To GravityRAT Malware’s Targets

October 31, 2020

Written by wukovits

Malware comes in all shapes and sizes. Some strains copy and encrypt files. Others serve annoying ads.

Still others work quietly in the background, mining this or that cryptocurrency using your computer’s processing power to do it.

GravityRAT is a different sort of creature. It has been actively developed since at least 2015 by Pakistani hacker groups, and has been used primarily against military installations in India. As such, it’s not the sort of malware your IT staff is likely to have a face to face encounter with unless you’re doing contract work with the Indian military. It is interesting, however, and worth taking a closer look at.

GravityRAT was designed primarily to check the CPU temperature of Windows-based machines, and to detect the presence of sandboxes or virtual machines so that its controllers would know what type of environment they were operating in.

Recently though, security researchers at Kaspersky Lab discovered new strains of GravityRAT that are designed to work on both Android and Apple devices. The GravityRAT development team has also been quietly updating the capabilities of their malicious code.

As of the latest build, in addition to the two things above, the malware can:

  • Generate a list of running process
  • Log keystrokes
  • Get basic system information
  • Take screenshots at predefined intervals
  • Scan ports
  • Conduct searchers for certain file extensions
  • Execute arbitrary shell commands

Out of all these, it is the last one that makes GravityRAT genuinely dangerous, as there are any number of exploits the hackers could use here. Clearly, the team is building toward a specific goal, but so far, we can only guess at what that goal might be.

In any case, the latest build of GravityRAT is much more robust than anything that’s come before it, and it’s a good bet that the team is getting close to whatever finish line they have set for themselves. After that, there’s no telling what they might use their new tool for.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Send us a message

Your message was sent.