Researchers at Kaspersky Labs published a technical report about Microsoft Windows malware known as GravityRAT, which was previously seen in 2017 and 2018 targeting the Indian armed forces. The researchers believe that the Windows version of this threat has been around since at least 2015, and attributed its creation to a Pakistani hacker group. In 2018, an Android version was added. In the most recent iteration, reported on October 19th, 2020, the malware was inserted into a legitimate Android app called Travel Mate and distributed as an “upgraded” version called Travel Mate Pro. The attackers took a version of the Travel Mate app that was published on Github in October 2018 and added malicious code that allowed it to surreptitiously collect contact lists, e-mail addresses, call and text logs, and copies of files such as images, text files, Word documents, spreadsheets and PowerPoint presentations. The Android malware connects to a Command and Control (C2) server using the same domain as a PowerShell variant that executes C# code, and as a Visual Basic Script (VBS) template that was embedded inside a DLL in a PyInstaller container, concealed inside another fake software application called Enigma that purported to defend against ransomware.
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.