Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps

March 7, 2023 | Ravie Lakshmanan | Spyware / Cyber Espionage

Trojanized messaging app

A suspected Pakistan-aligned advanced persistent threat (APT) group known as Transparent Tribe has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT.

“Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp,” ESET said in a report shared with The Hacker News.

An estimated 150 victims, likely with military or political affiliations, were targeted, and the malware (package name com.meetup.app) was made available for download from a fake website masquerading as the official distribution center for these apps.

It is suspected that the attackers lure targets through honeytrap romance scams, in which they first approach victims on another platform and then persuade them to install the malware-laden apps under the pretext of “secure” messaging and calling.

However, in addition to delivering the promised functionality, these apps also embed CapraRAT, a modified version of the open-source AndroRAT that was first documented by Trend Micro in February 2022 and which overlaps with a Windows malware family known as CrimsonRAT.

CapraRAT Backdoor

The backdoor is packed with a suite of features that allow it to take screenshots and photos, record phone calls and surrounding audio, and steal other sensitive information. It can also make phone calls, send SMS messages, and receive commands to download files.

Before any of the app’s features become available, users are required to create an account by linking their phone number and completing an SMS verification step.
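The capabilities listed above map onto a recognizable set of Android permissions, which gives an investigator a quick way to triage a suspect device alongside the one package-name indicator the article provides. The following script is an added example written for this page, not code from ESET or from the reporting above: it parses the shape of `adb shell dumpsys package` output and flags packages that either match the reported package name or request a broad surveillance permission cluster. The dumpsys sample is constructed, the capability-to-permission mapping is the editor's own inference from the feature list (ESET did not publish a permission list), and the flag threshold is an assumption to tune.

```python
import re
from typing import Dict, List, Set

# Constructed sample input imitating the shape of `adb shell dumpsys package`
# output for two packages. It is invented for this example and is NOT real
# CapraRAT output; the permission list is not taken from ESET's report.
SAMPLE_DUMPSYS = """
  Package [com.meetup.app] (4a1b2c3):
    userId=10123
    requested permissions:
      android.permission.INTERNET
      android.permission.RECORD_AUDIO
      android.permission.CAMERA
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.CALL_PHONE
      android.permission.READ_CALL_LOG
      android.permission.READ_CONTACTS
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notes] (7d8e9f0):
    userId=10124
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_EXTERNAL_STORAGE
    install permissions:
      android.permission.INTERNET: granted=true
"""

# The one package-name indicator the article reports for the trojanized app.
KNOWN_PACKAGE_IOCS = {"com.meetup.app"}

# Assumed mapping (editor's inference, not from ESET) from the capabilities
# described in the article to the permissions an app would need to declare.
SURVEILLANCE_PERMISSIONS = {
    "android.permission.CAMERA",                # photos via the camera
    "android.permission.RECORD_AUDIO",          # call and ambient audio recording
    "android.permission.READ_CALL_LOG",         # call metadata
    "android.permission.CALL_PHONE",            # placing calls
    "android.permission.SEND_SMS",              # sending SMS
    "android.permission.READ_SMS",              # reading SMS
    "android.permission.READ_CONTACTS",         # contact theft
    "android.permission.ACCESS_FINE_LOCATION",  # location tracking
}

# A genuine messaging/calling app legitimately needs some of these, so only a
# broad cluster is suspicious. The threshold is an assumption; tune it.
FLAG_THRESHOLD = 5

_PKG_HEADER = re.compile(r"^Package \[([^\]]+)\]")
_PERM = re.compile(r"(android\.permission\.[A-Z_]+)")


def parse_dumpsys(text: str) -> Dict[str, Set[str]]:
    """Return {package_name: set of android.permission.* strings seen under it}.

    Every permission mentioned under a package header is collected, whether it
    appears under 'requested', 'install' or 'runtime' permissions.
    """
    packages: Dict[str, Set[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _PKG_HEADER.match(line)
        if m:
            current = m.group(1)
            packages.setdefault(current, set())
            continue
        if current is None:
            continue
        packages[current].update(_PERM.findall(line))
    return packages


def triage(packages: Dict[str, Set[str]]) -> List[dict]:
    """Flag packages by IOC match or by a large surveillance permission cluster."""
    findings = []
    for name, perms in packages.items():
        hits = sorted(perms & SURVEILLANCE_PERMISSIONS)
        ioc = name in KNOWN_PACKAGE_IOCS
        findings.append({
            "package": name,
            "ioc_match": ioc,
            "surveillance_perms": hits,
            "flagged": ioc or len(hits) >= FLAG_THRESHOLD,
        })
    return findings


if __name__ == "__main__":
    # On a real device: adb shell dumpsys package > dump.txt, then parse that file.
    for f in triage(parse_dumpsys(SAMPLE_DUMPSYS)):
        status = "FLAG" if f["flagged"] else "ok  "
        print(f"{status} {f['package']}: ioc={f['ioc_match']} "
              f"surveillance_perms={len(f['surveillance_perms'])}")
```

A package-name match is a weak indicator on its own, since the name can be changed between builds, and a permission cluster alone will also catch legitimate dialers and messengers; treat both as triage signals that need confirmation by pulling the APK (`adb pull` on the path from `pm path <package>`) and inspecting it.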


The Slovak cybersecurity firm said the campaign was narrowly targeted and that it found no evidence the apps were ever available on the Google Play Store.

Transparent Tribe, also known as APT36, Operation C-Major, and Mythic Leopard, was recently attributed to another set of attacks targeting Indian government organizations using a malicious version of a two-factor authentication solution called Kavach.

The findings come as cybersecurity firm ThreatMon detailed a spear-phishing campaign by SideCopy actors targeting Indian government agencies over the past few weeks with the aim of deploying an updated version of a backdoor known as ReverseRAT.
