GravityRAT, a malware that was previously known for spying on Windows devices has now been identified to be infecting Android and macOS devices. The criminal spyware was used to target Indian Armed forces initially and is believed to have been created by a Pakistani hacker group. It has been active since 2015 and was then limited to windows machines – first key changes to the malware were indicated in 2018 with the intention to target Android users.
According to the latest revelation by Kaspersky, spyware GravityRAT code has undergone an overhaul and it is now a “multiplatform tool” and still active. Reportedly the spyware is embedded within a mobile app used by travelers in India. The spyware GravityRAT is concealed as a module within the Travel Mate app whose source code is available on GitHub. Find the list of other compromised apps on SecureList.
Reportedly the GravityRAT code has been added to the app and it has been released as Travel Mate Pro. Kaspersky compared the codes of the original and the Pro versions of the Travel Mate app and possibly identified the malicious code, which on analyzing was determined to be related to the GravityRAT spyware.
Since the researchers found this atypical of Android malware, they looked further to find over 10 versions of GravityRAT all of them distributed in trojanized applications. Combined together, they allegedly represent a multiplatform code base capable of tapping into Android, Windows, and macOS. Surprisingly iOS is not included here.
When installed on a potential victim device, the spyware is capable of retrieving data including email addresses, contact lists, call logs, SMSs, and various other file types on native and external storage. For now, the malware is targeting users in India, which have been the standard targets for the team behind GravityRAT.