
The notorious GravityRAT spyware, which initially targeted Windows PCs, now also enables attacks against Macs and Android devices.

Remote Access Trojans (RATs) are so-called because they masquerade as legitimate apps (the Trojan part) and then permit the compromised machine to be accessed remotely …

Cybersecurity company Kaspersky describes the GravityRAT malware as ‘infamous’ because it has been used in attacks against even military targets, and enables a huge amount of control.

BleepingComputer reports on the capabilities of the spyware:

– get information about the system
– search for files on the computer and removable disks with the extensions .doc, .docx, .ppt, .pptx, .xls, .xlsx, .pdf, .odt, .odp, and .ods, and upload them to the server
– get a list of running processes
– intercept keystrokes
– take screenshots
– execute arbitrary shell commands
– record audio (not implemented in this version)
– scan ports

Macs are relatively well protected against trojans because Apple vets apps allowed into the Mac App Store, and by default won’t allow software from other sources to be installed. If a user overrides the default protection, macOS still checks to see whether the app is signed by a legitimate developer.

However, BleepingComputer reports that the group behind GravityRAT uses stolen developer signatures to make the apps appear legitimate.

It isn’t possible to list the infected apps, as GravityRAT mimics a variety of legitimate apps. The best protection is to ensure you only install apps from the Mac App Store or directly from developers you trust. Similarly, don’t plug cables or devices into your Mac unless you know their provenance.
