Security researchers have uncovered a cyber espionage campaign primarily targeting victims in India and Pakistan using an Android messaging app containing backdoor malware.
According to ESET, the group’s weak operational security (OpSec) allowed the researchers to identify more than 150 victims, some of whom also resided in Russia, Oman, and Egypt.
The use of the CapraRAT backdoor, together with IP addresses seen in the group’s previous campaigns, led researchers to attribute this campaign to Transparent Tribe (APT36), a group of actors with ties to the state of Pakistan.
“Backdoors can take screenshots and photos, record phone calls and surrounding sounds, and steal other sensitive information,” ESET said.
“The backdoor can also receive commands such as downloading files, making phone calls, and sending SMS messages. Nothing to suggest.”
CapraRAT disguised itself as two legitimate-looking applications, so-called secure Android chat apps ‘MeetsApp’ and ‘MeetUp’, distributed via malicious websites hosted by APT36.
“Given that only a handful of individuals were compromised, it is likely that potential victims were targeted and lured using romance schemes. Initial contact is most likely to be established via messaging platforms,” ESET explained.
“After gaining the victim’s trust, the attackers suggested moving to another, allegedly more secure, chat app available on one of the malicious distribution websites.”
The security vendor’s assessment is based on the fact that APT36 has previously used honey-trap romance scams to lure victims. It added that the victims were likely to be military personnel or politicians.
The campaign was still active at the time of writing.