Mobiles & Tablets

Spyware found in Android applications: Kaspersky

K V Kurmanath Hyderabad | Updated on October 20, 2020 Published on October 20, 2020

Overall, more than 10 versions of GravityRAT were found, being distributed under the guise of legitimate applications   -  BusinessLine

GravityRAT, a spying Remote Access Trojan, is behind the intrusion; hackers can retrieve device data, contact lists, email addresses, call logs, and SMS messages

Cyber security experts have identified an Android spyware, which was inserted into a travel application for Indian users. The group behind the malware invested effort into making a multi-platform tool.

Cyber security experts at Kaspersky claims that GravityRAT, a spying Remote Access Trojan (RAT), is behind the intrusion. “In addition to targeting Windows Operating Systems, it can now be used on Android and Mac OS. The campaign is still active,” Kaspersky has said.

The campaign has been active since 2015. It added Android to its target list. The tool, Kaspersky claimed, was used in targeted attacks against Indian military services.

“The identified module was yet further proof of this change (addition of Android as its target), and there were a number of reasons why it didn’t look like a typical piece of Android spyware,” it said.

Also read: ‘Scareware’ pop-ups trick mobile users into clicking malware: Report

“For instance, a specific application has to be selected to carry out malicious purposes, and the malicious code, as is often the case, was not based on the code of previously known spyware applications,” it said.

More than 10 versions found

Overall, more than 10 versions of GravityRAT were found, being distributed under the guise of legitimate applications, such as secure file sharing applications that would help protect users’ devices from encrypting Trojans, or media players.

Used together, these modules enabled the group to tap into Windows OS, Mac OS, and Android, the cyber security solutions firm said.

“The modules can retrieve device data, contact lists, email addresses, call logs, and SMS messages. Some of the Trojans were also searching for files with extensions such as .jpg, .jpeg, .log, .png, .txt, .pdf, .xml, .doc, .xls, .ppt, and .docx in a device's memory to also send the data back to the attackers.

“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities. We can expect more incidents with this malware in the Asia-Pacific region,” Tatyana Shishkova, a security expert at Kaspersky, has said.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on October 20, 2020
This article is closed for comments.
Please Email the Editor