Pakistan-linked state-sponsored threat actor Transparent Tribe has been observed using new versions of the CapraRAT Android trojan that mimic the appearance of YouTube, SentinelOne reports.
Also tracked as APT36 and Mythic Leopard and active since at least 2016, the threat actor is known for the targeting of government and military personnel in India and Pakistan, and was recently seen targeting the Indian education sector as well.
The threat actor has been using CapraRAT since 2018, mainly for surveillance purposes, targeting individuals connected to matters involving the Kashmir region and human rights activists working on Pakistan-related issues.
Transparent Tribe is distributing its Android malware via malicious websites, relying on social engineering to convince the intended targets to install the trojanized applications.
Earlier this year, the threat actor was seen distributing CapraRAT iterations masquerading as a dating service app, most likely via a romance scam. The three recent CapraRAT samples that mimic YouTube appear to use the same scheme for distribution, SentinelOne says.
The samples borrow the YouTube icon and request permissions typically associated with the legitimate video sharing service, including microphone access. When executed, the malware launches a WebView object to load the YouTube website, so as not to raise suspicion.
Once installed on a victim’s device, the malware can make recordings using the microphone and cameras, collect messages and call logs, send and block messages, make phone calls, take screenshots, override system settings for GPS and network, and modify files.
“Transparent Tribe is a perennial actor with reliable habits. The relatively low operational security bar enables swift identification of their tools. The group’s decision to make a YouTube-like app is a new addition to a known trend of the group weaponizing Android applications with spyware and distributing them to targets through social media,” SentinelOne notes.
The cybersecurity firm warns all individuals associated with diplomatic, military, and activist matters related to India and Pakistan to be wary of potential targeting by Transparent Tribe.
Related: Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update
Related: Meta Disrupted Two Cyberespionage Operations in South Asia
Related: Threat Actor Targets Indian Government With Commercial RATs
More from Ionut Arghire
- Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk
- Firefox 118 Patches High-Severity Vulnerabilities
- Stolen GitHub Credentials Used to Push Fake Dependabot Commits
- Google Open Sources Binary File Comparison Tool BinDiff
- UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor
- Xenomorph Android Banking Trojan Targeting Users in US, Canada
- $200 Million in Cryptocurrency Stolen in Mixin Network Hack
- Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
Latest News
- Chinese Gov Hackers Caught Hiding in Cisco Router Firmware
- CISA Unveils New HBOM Framework to Track Hardware Components
- Gem Security Lands $23 Million Series A Funding
- Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk
- Firefox 118 Patches High-Severity Vulnerabilities
- Stolen GitHub Credentials Used to Push Fake Dependabot Commits
- Google Open Sources Binary File Comparison Tool BinDiff
- macOS 14 Sonoma Patches 60 Vulnerabilities
