A remote access trojan, the GravityRAT is now being distributed in the wild via a fake end-to-end chat platform called SoSafe Chat.
While the malware was expensively disguised as Travel Mate Pro in 2020 to target high-ranking officials in India, the threat actor behind the malware said to Pakistani attackers changed its name and continued with its original motive to attack Indians.
Once the app is installed, the spyware can perform various operations on a target’s device including the ability for threat actors to steal data; spy on victims and track their locations; read text messages, call logs and contract data; change or change system settings; get current mobile network information, the victim’s phone number and serial number, the status of ongoing calls and a list of all phone accounts registered on the device; read files to external storage; record audio; get information about the connected network; locate the device’s location.
The download link and registration form for the distribution of the app no longer work, although the website used in the distribution will remain online.
For more information, read the original story in Bleeping Computer.