GravityRAT Gains New Multi-Platform Spyware Capabilities

GravityRAT operators continue to advance this information-stealing malware. Kaspersky researchers recently observed a further enhancement: the tool now targets macOS and Android in addition to its existing Windows capabilities, making it a multi-platform threat.

The scoop

GravityRAT operators have not only extended the trojan's target operating systems to macOS and Android; they continue to invest in its spying capabilities.
  • Researchers identified more than ten versions of GravityRAT, with several additional malicious modules, distributed under the guise of legitimate applications. The malware authors also signed their code with digital certificates to make the booby-trapped apps look legitimate.
  • The latest versions were found while analyzing an Android spyware app named Travel Mate Pro, which sends the data it collects to a C&C server that is also used by two other malicious apps, Enigma and Titanium.
  • In addition, researchers discovered clones of legitimate apps, written in .NET, Python, and Electron, designed to download GravityRAT payloads from the C&C server and add a scheduled task on the infected device to gain persistence.
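The scheduled-task persistence noted above is one of the few host artifacts a defender can watch for directly. The following is an added example, not code from the original article or from Kaspersky's research: a small detector that parses Windows Security event 4698 ("A scheduled task was created"), extracts the task's Exec action from the embedded task XML, and flags tasks that launch from a user-writable location or schedule a script interpreter. The path heuristics and the four event records are constructed for this example; the task names, paths and user name are hypothetical.

```python
"""Flag suspicious scheduled-task creation from Windows Security event 4698.

Added example, not from the article or from Kaspersky. The heuristics below
are this example's own, not a vendor signature, and the sample events are
constructed to mirror the real 4698 layout (EventData holds TaskName and an
escaped TaskContent XML document).
"""
import re
from typing import Optional
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Locations a freshly dropped payload is typically launched from (example heuristics).
SUSPICIOUS_PATH_PATTERNS = [
    re.compile(r"\\AppData\\(Local|Roaming)\\", re.I),
    re.compile(r"\\Users\\[^\\]+\\Downloads\\", re.I),
    re.compile(r"\\Windows\\Temp\\", re.I),
    re.compile(r"\\ProgramData\\", re.I),
]
# Interpreters a .NET/Python/Electron dropper might schedule instead of a binary.
SUSPICIOUS_INTERPRETERS = ("powershell", "cmd.exe", "wscript", "cscript", "mshta", "rundll32", "python")


def parse_4698(event_xml: str) -> Optional[dict]:
    """Return task name, user, command and arguments for a 4698 event, else None."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=EVT_NS) != "4698":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", EVT_NS)}
    # TaskContent is the task definition XML, escaped inside the event; real
    # events carry an <?xml ...?> declaration which we drop before parsing.
    content = re.sub(r"^\s*<\?xml[^>]*\?>", "", data.get("TaskContent", "<Task/>"))
    task = ET.fromstring(content)
    return {
        "task": data.get("TaskName", ""),
        "user": data.get("SubjectUserName", ""),
        "command": task.findtext(".//t:Actions/t:Exec/t:Command", default="", namespaces=TASK_NS).strip(),
        "arguments": task.findtext(".//t:Actions/t:Exec/t:Arguments", default="", namespaces=TASK_NS).strip(),
    }


def suspicious_reasons(task: dict) -> list:
    """List why a parsed task looks like persistence; empty list means benign by these rules."""
    reasons = []
    cmdline = f"{task['command']} {task['arguments']}"
    for pat in SUSPICIOUS_PATH_PATTERNS:
        if pat.search(cmdline):
            reasons.append(f"launches from user-writable path ({pat.pattern})")
            break
    exe = task["command"].strip('"').split("\\")[-1].lower()
    if exe.startswith(SUSPICIOUS_INTERPRETERS):
        reasons.append(f"schedules an interpreter ({exe})")
    return reasons


def scan(events: list) -> list:
    """Return [(task_name, reasons)] for every 4698 event that trips a heuristic."""
    findings = []
    for xml_text in events:
        task = parse_4698(xml_text)
        if task is not None:
            reasons = suspicious_reasons(task)
            if reasons:
                findings.append((task["task"], reasons))
    return findings


def _event(event_id: int, task_name: str, command: str, arguments: str, user: str = "alice") -> str:
    """Build a constructed Security event in the shape Windows writes (sample data only)."""
    task_xml = (
        '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        f"<Actions><Exec><Command>{escape(command)}</Command>"
        f"<Arguments>{escape(arguments)}</Arguments></Exec></Actions></Task>"
    )
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID></System><EventData>"
        f'<Data Name="SubjectUserName">{user}</Data>'
        f'<Data Name="TaskName">{escape(task_name)}</Data>'
        f'<Data Name="TaskContent">{escape(task_xml)}</Data>'
        "</EventData></Event>"
    )


# Constructed sample log: one benign OS task, two dropper-style tasks, one non-4698 event.
SAMPLE_EVENTS = [
    _event(4698, r"\Microsoft\Windows\Defrag\ScheduledDefrag", r"%windir%\system32\defrag.exe", "-c -h -o"),
    _event(4698, r"\WindowsUpdateCheck", r"C:\Users\alice\AppData\Roaming\WinUpdate\update.exe", "--silent"),
    _event(4698, r"\OfficeSync", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           r"-w hidden -ep bypass -f C:\Users\alice\Downloads\sync.ps1"),
    _event(4702, r"\WindowsUpdateCheck", r"C:\Users\alice\AppData\Roaming\WinUpdate\update.exe", "--silent"),
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_EVENTS):
        print(name, "->", "; ".join(reasons))
```

On a real host the input would come from `wevtutil qe Security /q:"*[System[EventID=4698]]" /f:xml` or from a SIEM export; the parser expects one Event element per string. Event 4698 is only written when "Audit Other Object Access Events" is enabled, so confirm that audit setting is on before trusting the absence of findings.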

Recent trojan attacks

Recently, several threat actors have been observed taking different approaches to extending existing trojans with new functionality in pursuit of higher profits.
  • In October, the SolarSys trojan was seen adding fileless-attack functions to target financial institutions in Brazil, including Banco do Nordeste, Banco Mercantil, CrediSIS, and Safra.
  • In the same month, several threat actors were observed repurposing the Cerberus malware from a mobile-banking trojan into a network access tool, with the aim of gaining access to corporate networks in the future.

The bottom line

Cybercriminals are not only developing new malware but also actively improving proven families to increase their success rate. Trojans such as Emotet and TrickBot have become highly destructive through continuous modification and upgrades over a long period of time. Regular monitoring and tracking of such malware families, including their new platforms, modules, and persistence mechanisms, is therefore an important measure for getting ahead of the next incident.