GimmeRAT: Windows Attack Tool Gets Android Functionality

A remote access Trojan (RAT) that was solely targeting Windows machines has been given Android attack featues, indicating malicious hackers continue to ramp up efforts to crack the Google operating system.

Researchers came across the added functionality in WinSpy when investigating an attack on a US financial organisation. The malware was delivered via a fake payslip attached to an email.

More Android threats

The Android components allow the hacker to control the victim’s device using their own phone remotely over SMS messages or through a Windows-based controller.

Using the Android features, the attackers could take screenshots of target devices and their GPS location, sending the data to the malicious command and control servers. Text messages can also be monitored by the malware.

“The recent surge in Android-based RATs such as Dendroid and AndroRAT shows a spike in the interest of malicious actors to control mobile devices. GimmeRAT is another startling example of malicious actors venturing into the Android ecosystem,” security firm FireEye wrote in its blog post on the malware.

“These attacks and tools reaffirm that we live in an age of digital surveillance and intellectual property theft. Off-the-shelf RATs have continued to proliferate over the years and attackers have continued to increasingly use these tools.

“With the widespread adoption of mobile platforms such as Android, a new market continues to emerge with the demand for RATs to support these platforms. We will continue to see more implementations of RATs and payloads to support multiple platforms and attackers will continue to take advantage of these new attack surfaces to infiltrate their targets.

Google has repeatedly claimed its Android OS is safe because of its openness and very few users will ever actually get malware on their phones.

What do you know about Internet security? Find out with our quiz!