A Windows-based remote access trojan has resurfaced after 2 years of inactivity.
The malware is believed to have been developed by Pakistani hacker groups and now has increased capabilities. It was found targeting Android and macOS devices along with Windows devices.
Security researchers have recently reported that GravityRAT can steal device data, contact lists, e-mail addresses, and call and text logs and transmit them to an attacker-controlled server. CERT-India reported the malware back in 2017 when it was found attacking Indian organizations.
GravityRAT was infecting various devices and users by circulating malicious Word documents. Last year the same malware was found to be using fake Facebook accounts to compromise various defense organizations.
The campaign targeted more than 98 officials from various defence forces and organizations, such as the Indian Army, Air Force, and Navy, with the aim of tricking them into installing the malware disguised as a secure messaging app called Whisper.
The applications that contain this malware span diverse categories, such as travel, file sharing, media players, and adult comics, catering to users of Android, macOS, and Windows.
The malware's capabilities are extensive: it can be used to compromise system information, documents with specific extensions, and a list of running processes, to record keystrokes and take screenshots, and even to execute arbitrary shell commands.
NPAV recommends that users always download apps from trusted app stores and refrain from using third-party app stores. Users must download files or apps only from app stores that follow strict security guidelines.
Install NPAV on your Windows and Android devices to keep them protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.