GravityRAT is a new Remote Access Trojan (RAT) that has been reported by security researchers. This Trojan stealthily infiltrates the target system and performs a series of malicious actions. While remaining undetected by the user, it aims to give cyber-criminals remote control of the attacked system or device.
GravityRAT can arrive through spam email attachments that appear to be legitimate but actually contain a link to download the malicious program onto the victim's PC. Other sources may include fake program updates, files downloaded from infected websites, and many others.
Once downloaded, GravityRAT modifies the Windows Registry by adding entries under the Run and RunOnce registry sub-keys. This makes its malicious modules launch automatically each time Windows starts. It then locates the installed or active anti-virus program and firewall and shuts them off in order to remain undetected. After that, the malware establishes a remote connection to download and run various types of files, such as setup.exe, patch.exe, svchost.exe, notepad.exe, software-update.exe and many others, within the targeted folders. Similar to the previously detected NETWIRE RAT malware, GravityRAT then carries out a number of harmful activities, some of which are as follows:
- Stealing private data by recording keystrokes.
- Creating copies of itself in distinct folders to escape anti-virus detection.
- Downloading malicious files and programs and running them on the computer system.
- Replacing legitimate program files with infected copies.
- Making a remote connection that allows cyber-criminals to access the system and copy text from your documents.
- Deleting important system files and damaging other Windows components.
- Degrading system performance and infecting external media devices such as flash drives, CD/DVD drives, etc.
Manual removal of GravityRAT is not recommended; victims need to download a powerful detection tool to remove this threat completely from the PC.
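To check for the Run and RunOnce persistence described above, the following added example (not code from the original article or from any removal tool) parses `reg query` output and flags autorun entries whose executable uses one of the file names the article lists, treating svchost.exe and notepad.exe as suspicious only when they sit outside their normal Windows folders. The sample output, the user name `alice`, the function name `triage` and the `C:\Windows` install root are assumptions constructed for illustration.

```python
import ntpath
import re

# File names the article lists as downloaded and run by the malware.
PAGE_NAMES = {"setup.exe", "patch.exe", "svchost.exe", "notepad.exe", "software-update.exe"}
# Names that also belong to Windows itself, with the folders they normally live in
# (assumes the default C:\Windows install root).
SYSTEM_HOMES = {
    "svchost.exe": {r"c:\windows\system32"},
    "notepad.exe": {r"c:\windows\system32", r"c:\windows"},
}
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

# Constructed sample of `reg query` output; not taken from a real infection.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Host Service    REG_SZ    C:\Users\alice\AppData\Roaming\svchost.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Update    REG_SZ    "C:\Users\alice\AppData\Local\Temp\software-update.exe" -s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Editor    REG_SZ    C:\Windows\System32\notepad.exe
"""

def triage(reg_output):
    """Return (key, value name, path, reason) for each autorun entry worth review."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # remember which Run/RunOnce key we are in
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, command = m.group(1), m.group(3).strip()
        exe = EXE_RE.match(command)     # quoted path, or unquoted text up to ".exe"
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        base = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if base in SYSTEM_HOMES and folder not in SYSTEM_HOMES[base]:
            findings.append((key, name, path, "system binary name outside its Windows folder"))
        elif base in PAGE_NAMES and base not in SYSTEM_HOMES:
            findings.append((key, name, path, "file name listed in the article"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(" | ".join(finding))
```

A flagged entry is a lead for review, since names like setup.exe and patch.exe are also used by legitimate installers.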