Day: October 20, 2020

‘GravityRAT’ Windows spyware modified to infect macOS, Android – AppleInsider

A strain of malware called GravityRAT, known for spying on Windows machines, has been adapted to infect both Android and macOS devices, according to a new report.

Although most remote access trojans (RATs) target Windows devices, ones that affect Macs have surfaced from time to time. In the case of GravityRAT, it appears that the group responsible for the malware has introduced support for both the macOS and Android operating systems.

Security researchers at Kaspersky have discovered an updated strain of GravityRAT while analyzing an Android spyware app. During the analysis, the researchers identified a server used by two other malicious apps targeting Windows and macOS.

“Overall, more than 10 versions of GravityRAT were found, being distributed under the guise of legitimate applications, such as secure file sharing applications that would help protect users’ devices from encrypting Trojans, or media players,” the researchers wrote.

GravityRAT is spyware known for checking the CPU temperature of computers in an effort to detect running virtual machines. Malicious code dropped by the RAT can, however, be used to perform a range of cyber-espionage tasks.

According to Kaspersky, the trojan can allow attackers to send commands that get information about a system; search for files on a machine; intercept keystrokes; take screenshots; execute arbitrary shell commands; and get a list of running processes.

The researchers found apps written in Python, Electron, and .NET that will download GravityRAT payloads from a command and control server. From there, the malware adds scheduled tasks to gain persistence. Oftentimes, the malicious apps are clones of legitimate ones.

It’s unclear who exactly developed and maintains the GravityRAT malware, though it’s largely thought to be tied to Pakistani hacker groups who have used it to target Indian military and police organizations.

Who’s at risk and how to protect yourself

Although researchers discovered about 100 successful attacks using GravityRAT between 2015 and 2018, it appears that most of these have been highly targeted.

For example, defense and police employees in India were tricked into installing a “secure messenger” via Facebook, The Times of India reported.

Kaspersky notes that the exact infection vector is unknown, but targets are likely being sent download links to the trojans directly.

What that means in practice is that the average macOS user is likely safe from the RAT. Unless one is a target, security best practices such as avoiding shady links and only downloading apps from trusted app stores are likely enough to mitigate the threat.

True Tone for MacBook Pro keyboard may use multiple LEDs – AppleInsider

The backlighting system of MacBook Pro keyboards could be upgraded to include TrueTone capabilities, with Apple examining the use of multiple LEDs per key to make the light seem even despite changes in the local environment.

Apple’s TrueTone technology has been useful for its customers for a while, with it enabling the colors of the display to seem the same when the user moves the screen through an environment. By monitoring the light in the local area, TrueTone automatically adjusts the color output of the display so the colors seem to be the same to the user at all times, at least relative to their surroundings.

One often overlooked area for TrueTone is the keyboard, as backlighting systems typically only display one shade of white light, or depending on the vendor, another color entirely. In such systems, the backlight doesn’t change to match the environment, remaining static and potentially seeming brighter, dimmer, or more blue following movement.

The exceptions to this are keyboards by some vendors that include RGB backlighting, with effects to make the keyboard entertaining and pleasing to look at, as well as to potentially provide instruction by highlighting keys in use. However, these keyboards do not generally provide TrueTone-style capabilities.

In a patent granted by the US Patent and Trademark Office on Tuesday titled “Mixed input lighting using multiple light sources and control circuitry to change a combined white light spectrum based on ambient light data,” Apple suggests such a TrueTone-for-keyboards system.

In short, Apple’s proposal involves the use of an external ambient light sensor to feed data into a system that determines what type of light should be output by the keyboard backlight. The control circuitry then instructs the backlight to combine light from multiple LEDs to generate specific types of white light, which are output through the key.

The concept is extremely similar to a version published in April titled “Electronic devices having backlit keyboards displays with adjustable white points,” but the latest patent is far more explicit in how it accomplishes the generation of the light itself.

According to the October filing, Apple outlines a few ways this could be accomplished, including the use of two LEDs that emit light with different white light spectrums, which are combined and shine through a window in the key cap. By controlling the output of each LED, the tone of light can be adjusted.

The key stack, showing how the LEDs in the bottom layer shine through to the top.

As well as using LEDs with different light spectrums, Apple also suggests each can have different phosphor coating thicknesses. Doing so would enable the LEDs to be produced the same way, but for the light itself to be adjusted by the phosphor coating.

Apple also suggests the coatings could be produced from “yttrium-aluminum-garnet phosphors,” and that the coating could be applied to part of a housing for each LED, rather than coating the entire component.

There is also the suggestion that this could be done using three LEDs rather than two white-based versions, by using the properties of RGB lighting to use red, green, and blue LEDs. By combining light from each at different levels, this again can create light with a varying level of warmth.

By using controllable LEDs, Apple also offers the possibility of using the keyboard to alert the user to events, such as by adjusting the color warmth to be a visual indicator. This could be more prominent in the three-LED version, with the light completely changing color to a bright red, for example.

One element that marks this patent as different from the April version is how it goes into more detail about how the LEDs are used. It includes drawings of a key cap stack, including an arrangement of the LEDs around a raised bubble section in the middle, with each positioned to line up with gaps to maximize the light output through the key cap’s window without obstruction.

There is also discussion about mounting the LEDs to a surface facing the underside of the key cap, as well as on the base of the key cap itself. In this latter scenario, light would shine into the cavity of the keyboard and be reflected back through the key cap window, giving more distance for light to travel from the LEDs, disperse, and mix before being seen by the user.

Originally filed on October 18, 2019, the patent lists its inventors as Paul X. Wang and Liquan Tan.

A flowchart for a TrueTone-style keyboard backlight system

Apple files numerous patent applications on a weekly basis, but while the existence of a patent indicates areas of interest for Apple’s research and development efforts, they do not guarantee the existence of a product or service using the same concepts in the future.

Other potential ways Apple may change the keyboard have been highlighted in patents such as using glass for strength and transparency, and a “keyless keyboard” that uses haptic feedback to mimic key presses.