GravityRAT, a piece of malware that checks the CPU temperature of Windows computers to detect virtual machines or sandboxes, has acquired additional features so that it can infect Android and macOS devices.
New versions of the RAT infect Android and macOS devices
Kaspersky researchers have recently discovered that the RAT targets macOS and Android.
It also uses digital signatures to make the applications appear legitimate.
The new version of GravityRAT was detected during the analysis of an Android spyware application (e.g. Travel Mate Pro), which steals contacts, emails and documents and sends them to the nortonupdates[.]online command-and-control server. The same server is also used by two other malicious applications (Enigma and Titanium) targeting Windows and macOS.
The spyware that these malicious applications install executes multi-format code and allows intruders to send commands to:
- retrieve system information
- search for files on the computer and removable disks with the extensions .doc, .docx, .ppt, .pptx, .xls, .xlsx, .pdf, .odt, .odp, and .ods
- retrieve a list of running processes
- log keystrokes
- take screenshots
- execute shell commands
- record audio (does not apply to this version)
- scan ports
According to Kaspersky, the analysis revealed other malicious activities that are also related to the group behind GravityRAT.
"In total, more than 10 versions of GravityRAT were released as legitimate applications, such as secure file-sharing applications that would help protect the devices of users from Trojans, or as media players," said the researchers.
With all these versions, GravityRAT is now able to affect Windows computers as well as macOS and Android devices.
Delivered via links
Kaspersky researchers also found applications written in .NET, Python and Electron, which are presented as legitimate applications and download GravityRAT payloads from the C&C server.
From 2015 to 2018, at least 100 successful attacks with GravityRAT took place. In fact, many police and defense workers were infected after being deceived (via Facebook) into installing an alleged "secure messenger".
According to BleepingComputer, researchers are not sure how the new version of the RAT will be distributed, but they believe that the attackers are likely to send links that lead to the malicious applications (as they have done in the past).
"Our research has shown that the hackers behind GravityRAT continue to invest in its capabilities for espionage," said Kaspersky security expert Tatyana Shishkova.
Kaspersky's researchers believe that since the RAT targets Android and macOS, we should expect more attacks. The hackers behind GravityRAT also show that criminals do not just create new malware. They tend to develop existing malware to make it more effective.