- It is malware allegedly designed by Pakistani hackers, which has updated its programming capabilities and is equipped with anti-malware evasion capabilities.
- It is designed to infiltrate computers, steal users' data, and relay the stolen data to Command and Control centres in other countries.
- The ‘RAT’ in its name stands for Remote Access Trojan, which is a program capable of being controlled remotely and thus difficult to trace.
How is it different from other malware?
- GravityRAT is unlike most malware, which is designed to inflict short-term damage. It lies hidden in the system that it takes over and keeps penetrating deeper.
- GravityRAT has now become ‘self-aware’ and is capable of evading several commonly used malware detection techniques.
- One such technique is ‘sandboxing’, which isolates malware from critical programs on infected devices and provides an extra layer of security.
- Typically, malware activity is detected by the ‘noise’ it causes inside the Central Processing Unit, but GravityRAT is able to work silently.
- It can also gauge the temperature of the CPU to ascertain whether the device is carrying out high-intensity activity, like a malware search, and act to evade detection.
- The other concern is that the Command and Control servers are based in several countries. The data is sent in an encrypted format, making it difficult to detect exactly what is leaked.