GravityRAT, malware known for detecting virtual machines or sandboxes by checking the CPU temperature of Windows computers, has become multi-platform spyware: it can now also be used to infect Android and macOS devices. The GravityRAT remote access trojan (RAT) has been actively developed, seemingly by Pakistani hackers, since at least 2015 and deployed in targeted attacks against Indian military organizations.
The updated RAT sample was detected during analysis of an Android spyware application (Travel Mate Pro) that steals contacts, e-mails and files and sends them to an online command-and-control server. The same server is also used by two other malicious applications, Enigma and Titanium, for the Windows and macOS platforms.
The spyware launched by these malicious applications on infected devices runs multi-platform code that allows attackers to access system information; search computers and removable disks for files with the extensions .doc, .docx, .ppt, .pptx, .xls, .xlsx, .pdf, .odt, .odp and .ods and upload them to the server; obtain the list of running processes; wiretap; capture the screen; execute arbitrary shell commands; make recordings; and scan ports.