Comments
Cyber security experts have identified an Android spyware, which was inserted into a travel application for Indian users. The group behind the malware invested effort into making a multi-platform tool.
Cyber security experts at Kaspersky claims that GravityRAT, a spying Remote Access Trojan (RAT), is behind the intrusion. “In addition to targeting Windows Operating Systems, it can now be used on Android and Mac OS. The campaign is still active,” Kaspersky has said.
The campaign has been active since 2015. It added Android to its target list. The tool, Kaspersky claimed, was used in targeted attacks against Indian military services.
“The identified module was yet further proof of this change (addition of Android as its target), and there were a number of reasons why it didn’t look like a typical piece of Android spyware,” it said.
Also read: ‘Scareware’ pop-ups trick mobile users into clicking malware: Report
“For instance, a specific application has to be selected to carry out malicious purposes, and the malicious code, as is often the case, was not based on the code of previously known spyware applications,” it said.
More than 10 versions found
Overall, more than 10 versions of GravityRAT were found, being distributed under the guise of legitimate applications, such as secure file sharing applications that would help protect users’ devices from encrypting Trojans, or media players.
Used together, these modules enabled the group to tap into Windows OS, Mac OS, and Android, the cyber security solutions firm said.
“The modules can retrieve device data, contact lists, email addresses, call logs, and SMS messages. Some of the Trojans were also searching for files with extensions such as .jpg, .jpeg, .log, .png, .txt, .pdf, .xml, .doc, .xls, .ppt, and .docx in a device's memory to also send the data back to the attackers.
“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities. We can expect more incidents with this malware in the Asia-Pacific region,” Tatyana Shishkova, a security expert at Kaspersky, has said.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.