Kaspersky researchers spotted updated GravityRAT code indicating an overhaul of the the malware. The malware is capable of retrieving device data, contact lists, email addresses, call logs and SMS messages and can exfiltrate various types of documents and files. The main change in the tactics is the investment into expanding the group s target base, researchers concluded. The campaign is continuing, mainly targeting victims in India, the researchers said. The cybercriminals also started using digital signatures to make the apps look more legitimate.
Source: https://threatpost.com/gravityrat-back-android-macos-spyware/160299/