GravityRAT Comes Back to Earth with Android, macOS Spyware


Level 68
Content Creator
Malware Hunter
Aug 17, 2014
The criminals behind GravityRAT spyware have rolled out new macOS and Android variants for the first time.

The GravityRAT remote access trojan has been around since at least 2015, according to researchers from Kaspersky, but it has mainly focused on Windows operating systems. The last piece of major development news came in 2018, when developers behind the malware made key changes to the RAT’s code in an attempt to decrease antivirus detection.

Recently though, Kaspersky researchers spotted updated GravityRAT code indicating an overhaul of the the malware. “Further investigation confirmed that the group behind the [GravityRAT] malware had invested effort into making it into a multiplatform tool…the campaign is still active,” according research published on Monday.

The malware is capable of retrieving device data, contact lists, email addresses, call logs and SMS messages and can exfiltrate various types of documents and files.
“The main modification seen in the new GravityRAT campaign is multiplatformity,” researchers said. “Besides Windows, there are now versions for Android and macOS. The cybercriminals also started using digital signatures to make the apps look more legitimate.”