According to Maharashtra cybercrime department officials, GravityRAT, a malware allegedly designed by Pakistani hackers has recently been updated further and equipped with anti-malware evasion capabilities. GravityRAT was first detected by Indian Computer Emergency Response (CERT-In), on various computers in 2017.
RAT (Remote Access Trojan) is a program capable of being controlled remotely and thus difficult to trace.
GravityRAT is designed to infliltrate computers and steal data of users, and relay stolen data to Command and Control centres in other countries. It infiltrates system in the form of innocuous looking email attachment, which can be in any format, including MS Word, MS Excel, MS Powerpoint, Adobe Acrobat or even audio and video files.
Unlike most malware, which are designed to inflict short term damage, GravityRat lies hidden in the system that it takes over and keeps penetrating deeper. Its latest update enables this malware to function as Advanced Persistent Threat (APT), which, once it infiltrates system, silently evolves and does long-term damage.
The updates also have made malware self-aware and evade several commonly used malware detection techniques. One such technique is ‘sandboxing’, to isolate malware from critical programs on infected devices and provide extra layer of security. GravityRAT now has the ability to mask its presence evade its detection before it can be sandboxed.
GravityRAT is able to work silently on the system it attacks as compared to other malware whose activity can be detected by noise it causes inside Central Processing Unit (CPU). It can also gauge temperature of CPU and ascertain if device is carrying out high intensity activity, like malware search, and act to evade detection
GravityRAT sends data to Command and Control servers based in several countries sent in encrypted format, making it difficult to detect exactly what is leaked.