Infamous Windows GravityRAT now Attacks Android, macOS Devices

Researchers has recognized an previously unknown piece of Windows malware “GravityRAT” that targets the Android malware and macOS users and it discovered from the ill-disposed module that has been inserted in a driving application for Indian users.

The additional investigation verified that the organization behind the malware has put advanced effort into creating a multiplatform tool. In addition to attacking the Windows operating systems, it can now be utilized on Android and Mac OS, and the campaign is still running.


According to the reports GravityRat was issued by cybersecurity researchers in 2018, the tool had been applied in targeted attacks against Indian military services. The data that has been gathered by Kaspersky, the campaign has been active since at least 2015, concentrating largely on Windows operating systems. 

After investigating it properly, the experts revealed that it was associated with GravityRAT, a spying Remote Access Trojan (RAT) famous for carrying out projects in India.

The GravityRAT Remote Access Trojan (RAT) has remained under active growth by what looks like Pakistani hacker groups since 2015. It has been extended in targeted attacks against Indian military institutions. However, a few years ago, the circumstances were changed, and the group combined Android to the target list.

Data That Modules Can Retrieve

The spyware capabilities are packed within GravityRAT that enable the malware to retrieve the following device data:-

  • Contact lists
  • Call logs
  • Email addresses
  • SMS messages

Extensions used

There are some additional data that are used to find and exfiltrate files that are based on extensions, and here’s the list of extensions that are used, mentioned below:-

  • .docx
  • .doc
  • .ppt
  • .pptx
  • .txt
  • .pdf
  • .xml
  • .jpg
  • .jpeg
  • .log
  • .png
  • .xls
  • .xlsx
  • .opus


The experts have suggested some recommendations that will help the user to keep themselves safe from all unwanted spyware. Here, we have mentioned below the recommendations that are to be followed by the users very carefully:-

  • Equip your SOC team with access to the most advanced threat intelligence (TI). The Kaspersky Threat Intelligence Portal confers access to the company’s TI, presenting cyberattack data and penetrations that are collected by Kaspersky for more than 20 years.
  • Perform certain EDR solutions to prohibit endpoint level exposure.
  • Protect all the corporate devices, including those on Android, from ill-disposed applications, utilize an endpoint security solution with mobile application control. This step will help the user to make sure that only assigned apps from an authorized whitelist can be installed on devices with a path to delicate corporate data.

Apart from this, the security researchers at Kaspersky have affirmed that their investigation designated the actor behind GravityRAT is proceeding to invest in its spying capacities. Cleverly disguise and an increased OS portfolio, that not only enables us to say that we can assume more occurrences with this malware in the APAC region.

While on the other side, it also supports the more extensive trend that ill-disposed users are not fundamentally concentrated on developing new malware but expanding proven ones instead of being as strong as possible.

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Published by
Balaji N
Tags: malware

Recent Posts

Defend Ransomware Attacks With Top Effective Proactive Measures in 2024

We're currently living in an age where digital threats loom large. Among these, ransomware has…

37 mins ago

GoTitan Botnet Actively Exploiting Apache ActiveMQ Vulnerability

Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…

17 hours ago

Cybercriminals are Showing Hesitation to Utilize AI When Executing Cyber Attacks

Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…

18 hours ago

Vigil: Open-source Security Scanner for LLM Models Like ChatGPT

An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…

18 hours ago

Slovenia’s Biggest Power Provider has Suffered a Cyberattack

One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…

19 hours ago

Genesis Market Technique: Hackers Exploited Node.js and EV Certificates

In the labyrinthine landscape of cyber threats, the Trend Micro Managed XDR team has uncovered…

21 hours ago