Threat Intelligence, Malware

State-backed GravityRAT uses advanced evasion, social engineering

Digital warning signs: A digital landscape, with warning signs on the screen, which depicts an alert or error.

A persistent and highly sophisticated cyber threat known as GravityRAT continues to evolve, posing a significant multi-platform espionage risk primarily targeting Indian military, government, and defense sectors, GBHackers News reports.

Attributed to Pakistani state-sponsored actors, this decade-old remote access trojan distinguishes itself through its ability to operate across Windows, Android, and macOS using a unified command structure and advanced anti-detection techniques. Its distribution relies on patient, targeted social engineering via spear-phishing and trojanized Android apps, rather than mass campaigns, to compromise high-value individuals.

Technically, GravityRAT employs sophisticated evasion measures, including seven different virtual machine detection methods, notably a CPU temperature query that reliably exposes sandbox environments. Once deployed, it systematically exfiltrates sensitive data like SMS, call logs, and WhatsApp backups, communicating over encrypted channels. Security experts recommend a multi-layered defense combining updated EDR solutions, behavioral monitoring, strict app policies, and user education to counter its advanced, patient tradecraft.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds