Android spyware that can enter Indian travel apps identified: Here is how to protect your smartphone

A previously unknown piece of Android spyware which can enter into a travel application for Indian users has been identified. According to researchers at Kaspersky, the spyware was related to GravityRAT, a spying Remote Access Trojan (RAT) known for carrying out activities in India. Further investigation confirmed that the group behind the malware invested effort into making a multiplatform tool. In addition to targeting Windows operating systems, it can now be used on Android and Mac OS. The campaign is still active. 

In 2018, an overview into the developments of GravityRAT was published by cybersecurity researchers. The tool was used in targeted attacks against Indian military services. According to Kaspersky’s data, the campaign has been active since at least 2015, being mainly focused on Windows operating systems. A couple of years ago, however, the situation changed, and the group added Android to the target list. 

This malware can be used to target Windows OS, Mac OS, and Android. The modules can retrieve device data, contact lists, email addresses, call logs, and SMS messages. Some of the Trojans were also searching for files with .jpg, .jpeg, .log, .png, .txt, .pdf, .xml, .doc, .xls, .xlsx, .ppt, .pptx, .docx, and .opus extensions in a device's memory to also send them to the C&C. 

“Our investigation indicated that the actor behind GravityRAT is continuing to invest in its spying capacities. Cunning disguise and an expanded OS portfolio not only allow us to say that we can expect more incidents with this malware in the APAC region, but this also supports the wider trend that malicious users are not necessarily focused on developing new malware, but developing proven ones instead in an attempt to be as successful as possible,” comments Tatyana Shishkova, security expert at Kaspersky. 

How to keep your smartphone safe? 

·Provide your SOC team with access to the latest threat intelligence (TI).  

·For endpoint level detection, investigation and timely remediation of incidents, implement reliable EDR solutions. 

·To protect corporate devices, including those on Android, from malicious applications, use an endpoint security solution with a mobile application control. This can make sure that only trusted applications from an approved whitelist can be installed on devices that have access to sensitive corporate data.