fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Windows GravityRAT Malware Now Also Targets Android, MacOS

Windows GravityRAT Malware Now Also Targets Android, MacOS

GravityRAT, a malware strain known for checking the CPU temperature of Windows computers to detect virtual machines or sandboxes, is now multi-platform spyware as it can now also be used to infect Android and macOS devices.

The GravityRAT Remote Access Trojan (RAT) has been under active development by what looks like Pakistani hacker groups since at least 2015 and has been deployed in targeted attacks against Indian military organizations.

New versions infect Android and macOS devices

While the malware authors previously focused their efforts on targeting Windows machines, a sample discovered by Kaspersky researchers last year shows that they are now adding macOS and Android support.

They are now also signing their code using digital signatures to make their booby-trapped apps look legitimate.

The updated RAT sample was detected while analyzing an Android spyware app (i.e., Travel Mate Pro) that steals contacts, emails, and documents which get sent to the nortonupdates[.]online command-and-control server also used by two other malicious apps (Enigma and Titanium) targeting the Windows and macOS platforms.

Also Read: Data Protection Authority GDPR: Everything You Need To Know

Spyware malware dropped by these malicious apps on infected devices runs multiplatform code and it allows attackers to send commands to:

  • get information about the system
  • search for files on the computer and removable disks with the extensions .doc, .docx, .ppt, .pptx, .xls, .xlsx, .pdf, .odt, .odp, and .ods, and upload them to the server
  • get a list of running processes
  • intercept keystrokes
  • take screenshots
  • execute arbitrary shell commands
  • record audio (not implemented in this version)
  • scan ports

“Analysis of the command and control (C&C) addresses module used revealed several additional malicious modules, also related to the actor behind GravityRAT,” researchers at Kaspersky found.

“Overall, more than 10 versions of GravityRAT were found, being distributed under the guise of legitimate applications, such as secure file sharing applications that would help protect users’ devices from encrypting Trojans, or media players.

“Used together, these modules enabled the group to tap into Windows OS, MacOS, and Android.”

Delivered via links to booby-trapped apps

Kaspersky has also found applications developed in .NET, Python, and Electron, often as clones of legitimate apps, that will download GravityRAT payloads from the C&C server and add a scheduled task on the infected device to gain persistence.

Roughly 100 successful attacks using this RAT were detected between 2015 and 2018, with defense and police employees getting infected after being tricked via Facebook to install a “secure messenger” according to reports.

While the infection vector in the case of these updated samples remains unknown, Kaspersky says that targets are probably being sent download links to the malicious apps just as it happened in the past.

“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities,” Kaspersky security expert Tatyana Shishkova said.

Also Read: The Importance Of Knowing Personal Data Protection Regulations

“Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the APAC region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead, in an attempt to be as successful as possible.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us