GravityRAT, a malware allegedly designed by Pakistani hackers, has recently been updated further and equipped with anti-malware evasion capabilities.
- The RAT was first detected by Indian Computer Emergency Response Team, CERT-In, on various computers in 2017. It is designed to infiltrate computers and steal the data of users, and relay the stolen data to Command and Control centres in other countries.
- The ‘RAT’ in its name stands for Remote Access Trojan, which is a program capable of being controlled remotely and thus difficult to trace.
- The latest update to the program by its developers is part of GravityRAT’s function as an Advanced Persistent Threat (APT), which, once it infiltrates a system, silently evolves and does long-term damage.
- GravityRAT is unlike most malware, which are designed to inflict short term damage. It lies hidden in the system that it takes over and keeps penetrating deeper.
- GravityRAT has now become self aware and is capable of evading several commonly used malware detection techniques.
- GravityRAT infiltrates a system in the form of an innocuous looking email attachment, which can be in any format, including MS Word, MS Excel, MS PowerPoint, Adobe Acrobat or even audio and video files.
- The other concern is that the Command and Control servers are based in several countries. The data is sent in an encrypted format, making it difficult to detect exactly what is leaked.
CERT-In had issued an alert for it last year, with advisory asking users to review cybersecurity measures and update anti-malware tools. [The Hindu]