GravityRAT Spyware Targets Android & MacOS in India

The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.

Researchers have identified GravityRAT, a spying remote access Trojan (RAT) known to target devices in India, in an attack campaign against Android and MacOS devices. The activity was still ongoing at the time their findings were published on Oct. 19.
GravityRAT has been active since at least 2015 and primarily focused on Windows operating systems, Kaspersky researchers
report
, noting the Trojan has been used to target the Indian military services. A couple of years ago, its operators added Android to its list of targets.
The team recently identified a module proving GravityRAT is targeting Android. As far as functionality goes, its capabilities are fairly standard: The spyware sends device data, contact lists, email addresses, and call and text logs to the attackers command-and-control (C2) server.
However, there are some reasons GravityRAT doesnt look like the usual Android spyware. A victim must choose a specific application in order to launch malicious activity; further, malicious code isnt based on the code of previously known spyware applications. Analysis of the C2 addresses module used revealed several additional versions of GravityRAT, all distributed disguised as legitimate applications such as secure file-sharing apps.
Used together, these modules let the attackers tap into Windows, macOS, and Android, the researchers say.
A 2019
article
from The Times of India shows that between 2015 and 2018, GravityRAT victims were contacted through a fake Facebook account and asked to install a malicious app disguised as a secure messaging service. The activity affected about 100 employees of defense, police, and other organizations. The Kaspersky team believes the latest campaign is likely using similar infection techniques.
Read Kasperskys
full writeup
for more details.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
GravityRAT Spyware Targets Android & MacOS in India