A persistent and highly sophisticated cyber threat known as GravityRAT continues to evolve, posing a significant multi-platform espionage risk primarily targeting Indian military, government, and defense sectors, GBHackers News reports.Attributed to Pakistani state-sponsored actors, this decade-old remote access trojan distinguishes itself through its ability to operate across Windows, Android, and macOS using a unified command structure and advanced anti-detection techniques. Its distribution relies on patient, targeted social engineering via spear-phishing and trojanized Android apps, rather than mass campaigns, to compromise high-value individuals.Technically, GravityRAT employs sophisticated evasion measures, including seven different virtual machine detection methods, notably a CPU temperature query that reliably exposes sandbox environments. Once deployed, it systematically exfiltrates sensitive data like SMS, call logs, and WhatsApp backups, communicating over encrypted channels. Security experts recommend a multi-layered defense combining updated EDR solutions, behavioral monitoring, strict app policies, and user education to counter its advanced, patient tradecraft.
Threat Intelligence, Malware
State-backed GravityRAT uses advanced evasion, social engineering

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



