Subscribe To Our Newsletter!

Stay up to date on the top trending threats as well as the top stories in Security, Networks, Cloud, IT Ops & AIOps.

GravityRAT – Do You KNOW This Malware?

This spyware was allegedly created by Pakistani threat actors.

Post by Rajarshi Mitra In Security on Oct 27, 2020

As per KNOW’s threat intel dashboard, GravityRAT was the fourth-most trending threat over the last seven days.


What is GravityRAT?

GravityRAT is a special kind of malware called “spyware,” which allows cybercriminals to steal targetted data from infected devices. It was originally designed by Pakistani hackers, has recently been updated further with anti-malware evasion capabilities. This RAT or Random Access Trojan was first detected by Indian Computer Emergency Response Team, CERT-In, on various computers in 2017.

Why is GravityRAT trending?

Kaspersky researchers have found that the GravityRAT malware, restricted initially to Windows, can now attack Android and Mac. This new version of the malware was spotted in the travel application code intended for Indian users.

According to Kaspersky, there are 10 different versions of the malware currently in the wild and are spread under the guise of legitimate applications, such as secure file sharing applications that would help protect users’ devices against Trojans, or through media players.”

Tatyana Shishkova, a security expert at Kaspersky, noted:

Our investigation shows that the actor behind GravityRAT continues to improve his spy skills. we can expect more malware attacks in Asia Pacific.

Reactions from Twitter


A Windows-based remote access Trojan believed to be designed by #Pakistani hacker groups to infiltrate computers and steal users’ data has resurfaced after a two-year span with retooled capabilities to target #Android and #macOS devices.


The criminals behind GravityRAT spyware have rolled out new #macOS and #Android variants for the first time.

GravityRAT References from KNOW


  • Total references: 1,000
  • References in the last 60 days: 702
  • Previous 7 days references: 565

GravityRAT Context from KNOW


  • Risk rules triggered: 5 out of 48.
  • Threat actors: APT34 Oilrig
  • Hashes: 16
  • Related intrusion methods: Remote command execution, denial of service, cryptojacking, infection chain, and exploit.
    Most recent sandbox reference: Any Run Sandbox result for Q.Whisper.exe

What is KNOW and How Can it Help Me Fight GravityRAT?

As mentioned before, KNOW is Netenrich’s threat intel and news-aggregator platform that makes it easier for you to dig into breaking news, evolving trends, and the threats and IOCs that matter to you. Get all the news, perspective, and intelligence you need in one place— FREE. Empower your SecOps to answer pressing questions in minutes and optimize their overall output.

Do you want a quick overview of how this works? Click here.

Do you like to get to the root of things and want to see how KNOW actually works? Click here.

Do you want to skip all these details and get to the core of things? In that case, click here and subscribe for free.

Why did we create Knowledge NOW? Read our story

About Author

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat, catching up on the latest Netflix docu-series.....or watching Harry Potter for the 5781241516th time.