GravityRAT Malware Gains Enhanced Remote Access Capabilities

What happened

A new variant of GravityRAT malware has been identified with enhanced remote access capabilities affecting Windows and Android devices. Security researchers reported that the malware supports file exfiltration, command execution, screen capture, and system reconnaissance. GravityRAT has historically been associated with targeted espionage campaigns and continues to evolve with more robust persistence and command-and-control functionality.

Who is affected

Government entities, defense organizations, and high-value individuals using Windows or Android devices are at elevated risk.

Why CISOs should care

Advanced remote access trojans enable long-term espionage, silent data theft, and persistent access to sensitive environments.

3 practical actions

1. Deploy EDR tooling: Detect abnormal persistence, privilege escalation, and C2 traffic.

2. Secure mobile endpoints: Include Android devices in endpoint security and monitoring programs.

3. Segment sensitive systems: Reduce lateral movement opportunities following endpoint compromise.