In the evolution of online threats, it is now possible for an infection to originate on one platform before migrating to another. And now, we see just that, as two malware threats that began on Windows—GravityRAT and IPStorm—are now available for Mac, Android, and Linux. So what can these malware threats do exactly, and what does this mean for the future of Mac-based malware threats?
What is the GravityRAT Remote Access Trojan?
GravityRAT is a remote access Trojan. The Windows version of GravityRAT was initially discovered in 2017, but some researchers claim it may have been active since 2015 or earlier. GravityRAT initially targeted the armed forces of India.
By 2018, GravityRAT had been ported to Android. The hackers behind the infection used the source code of a legitimate Android mobile app called Travel Mate and added additional malicious code before distributing it as “Travel Mate Pro.” The real Travel Mate app is a useful program designed for people who travel in India. Other variants of this Trojan, for both Windows and Mac, have been distributed under the names “OrangeVault,” “StrongBox,” and “TeraSpace.”
What is the InterPlanetary Storm (IPStorm) Botnet?
The initial Windows version of InterPlanetary Storm (or IPStorm) malware was discovered in May of 2019, while the first Linux version was found in June 2020. The latest version targets devices running UNIX-like operating systems, including Linux, Android-based TV boxes, and Darwin — the core of the macOS. IPStorm spreads by conducting dictionary-based, brute-force password attacks against SSH servers and accessing open Android Debug Bridge (ADB) ports.
The malware maker and botnet master’s intentions are still unknown, but an estimated 13,500 devices are believed to be infected worldwide in at least 84 different countries. Almost 60% of infected devices are located in Hong Kong, South Korea, or Taiwan.
Why is Windows Malware Coming to Mac?
The Mac market share has more than doubled in the last seven years, according to data from Statista. As a result, we’ve seen a marked increase in Mac malware in recent years. We’ve even seen state-sponsored attackers that distributed Windows malware start to target macOS, as was the case with Lazarus malware during Operation AppleJeus in 2018. With Windows malware developers noticing these trends, Macs are becoming a target that you can expect to see hit with more frequency in the future.
If you are still having trouble, consider contacting remote technical support options.