GravityRAT, a Remote Access Trojan, is being spread in the wild once more, this time disguised as SoSafe Chat, an end-to-end encrypted chat application.
GravityRAT is spyware that enables threat actors to steal data from compromised machines. The malware’s developers target users of Windows, Mac OS X, and Android.
The trojan has been actively developed by what appears to be Pakistani cybercrime organizations since at least 2015, and it has been used in targeted operations against Indian military entities.
Telemetry from the most recent operation shows that the scope of targeting hasn’t changed: the RAT is still aimed at high-profile people in India, such as officers in the Armed Forces.
Posing as a Chat App
The spyware originally targeted users through an Android app called ‘Travel Mate Pro,’ but once the pandemic made traveling difficult, the cybercriminals had to adapt to the new situation.
The application is now known as ‘SoSafe Chat,’ and it is advertised as a safe messaging app with end-to-end encryption.
The website that probably helped spread the application (sosafe.co[.]in) is still up and running, but the download link and registration form are no longer functional.
The distribution process is