SOURCE: TNN
Cybersecurity firm Kaspersky claims that a dangerous piece of malware known as the GravityRAT spyware is back in business. GravityRAT was first talked about back in 2015. As per Kaspersky, the tool had been used in targeted attacks against Indian military services. Earlier, it only attacked Windows computers; it has now been modified to attack Macs and Android phones too.
Kaspersky was alerted about a previously unknown piece of Android spyware recently. While studying this ‘unknown’ spyware, researchers found out that it is GravityRAT, a spying Remote Access Trojan (RAT) known for carrying out activities in India.
So, what is a Remote Access Trojan (RAT)? These are the worst kind of Trojans. Once a device is infected, a RAT can secretly access files and software, and even hijack the device altogether. It can also install code and software, read keyboard input to steal passwords, and hijack the webcam to record video and audio secretly.
According to Kaspersky’s data, “the campaign has been active since at least 2015, focusing mainly on Windows operating systems. A couple of years ago, however, the situation changed, and the group added Android to the target list.”
The cybersecurity firm confirmed that “the group behind the malware had invested effort into making it into a multiplatform tool.” It claims that more than 10 versions of GravityRAT were found.
This spyware is said to be spreading under the guise of legitimate apps, such as media players or secure file sharing applications that would help protect users’ devices from encrypting Trojans.
What can GravityRAT do once it infects a device? The operators of this spyware can get information about the victim’s system and retrieve device data, contact lists, email addresses, call logs, and SMS messages. It can also search the victim’s computer for files with specific extensions like .doc, .docx, .ppt, .pptx, etc., and upload these files to a remote server.
The spyware can also take screenshots secretly, intercept keystrokes and know what is being typed on the device, record audio secretly and even scan ports. To add to the list of capabilities, the spyware can also execute arbitrary shell commands.