Malware comes in all shapes and sizes. Some strains copy and encrypt files. Others serve annoying ads.
Still others work quietly in the background, mining this or that cryptocurrency using your computer’s processing power to do it.
GravityRAT is a different sort of creature. It has been actively developed since at least 2015 by Pakistani hacker groups, and has been used primarily against military installations in India. As such, it’s not the sort of malware your IT staff is likely to have a face to face encounter with unless you’re doing contract work with the Indian military. It is interesting, however, and worth taking a closer look at.
GravityRAT was designed primarily to check the CPU temperature of Windows-based machines, and to detect the presence of sandboxes or virtual machines so that its controllers would know what type of environment they were operating in.
Recently though, security researchers at Kaspersky Lab discovered new strains of GravityRAT that are designed to work on both Android and Apple devices. The GravityRAT development team has also been quietly updating the capabilities of their malicious code.
As of the latest build, in addition to the two things above, the malware can:
Out of all these, it is the last one that makes GravityRAT genuinely dangerous, as there are any number of exploits the hackers could use here. Clearly, the team is building toward a specific goal, but so far, we can only guess at what that goal might be.
In any case, the latest build of GravityRAT is much more robust than anything that’s come before it, and it’s a good bet that the team is getting close to whatever finish line they have set for themselves. After that, there’s no telling what they might use their new tool for.
700 Dorval Drive
Suite 601 Oakville,
ON L6K 3V3
Intel Adding Additional
Security To Future
Shift IT Solutions is a group
of experienced, highly-intelligent
and solution-driven professionals
that help businesses solve their
IT nightmares once and for all.