Malware disguised as legitimate-looking apps
GravityRAT spyware is being used to compromise Android and macOS devices. The malware is a remote access Trojan (RAT) and has been found targeting users in India. After a device is compromised, GravityRAT exfiltrates SMS text messages, device data, contact lists, email addresses, and call and text logs to the attackers.
Over ten versions of GravityRAT spyware exist. All of them are disguised as legitimate applications to trick a potential victim into downloading them. A victim must launch a specific application to initiate the spyware.
GravityRAT is a remote access Trojan (RAT), a type of malware that allows attackers to remotely control a device once it is compromised. This type of malware can also install and delete other programs.
“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities,” said Tatyana Shishkova, security expert at Kaspersky Lab.
In 2019, The Times of India reported that a Pakistani spy had compromised Indian defense officials using GravityRAT spyware. The spy contacted the victims on Facebook and convinced the targets to download a “secure” messaging app she called “Whisper.” The computers of 98 Indian defense officials, including personnel from the Indian Army, Air Force, Navy, paramilitary forces, and state police, were compromised.
This spyware has been around since about 2015. It was first developed to target Windows users and later included Android devices too. Now GravityRAT also works on macOS.