Pakistan Linked Hacker Who Targets Indian Entities Spreading Malware Via Fake YouTube Apps

According to the cybersecurity company SentinelOne, the CapraRAT toolset has been used for surveillance against spear-phishing targets privy to affairs involving the disputed region of Kashmir.



Published: September 20, 2023 12:22 AM IST


By IANS

The hacker most recently targeted the Indian education sector. (Representational image)

New Delhi: ‘Transparent Tribe’, a suspected Pakistan-linked hacker known for targeting military and diplomatic personnel in both India and Pakistan, is using malicious Android apps mimicking YouTube to spread the CapraRAT mobile remote access trojan (RAT), a new report has shown.

According to the cybersecurity company SentinelOne, the CapraRAT toolset has been used for surveillance against spear-phishing targets privy to affairs involving the disputed region of Kashmir, as well as human rights activists working on matters related to Pakistan.

The hacker most recently targeted the Indian education sector.

“CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects,” said security researcher Alex Delamotte.

CapraRAT is an Android framework that hides RAT features inside of another application.

According to the report, Transparent Tribe spreads Android apps outside of the Google Play Store, relying on self-run websites and social engineering to lure users to install a weaponised application.

Earlier this year, the group distributed CapraRAT Android apps disguised as a ‘dating service’ that conducted spyware activity.

Moreover, the report found that one of the newly identified APKs reached out to a YouTube channel belonging to Piya Sharma, which has several short clips of a woman in various locales.

This APK also borrowed the individual’s name and likeness, suggesting that the hacker “continues to use romance-based social engineering techniques to convince targets to install the applications, and that Piya Sharma is a related persona”.

Upon installation, the apps request intrusive permissions that allow the malware to harvest and exfiltrate sensitive information to a hacker-controlled server with notable features such as — recording with the microphone, front & rear cameras, collecting SMS and multimedia message contents, call logs, sending SMS messages, blocking incoming SMS, initiating phone calls, and more, the report said.

“Transparent Tribe is a perennial actor with reliable habits. The relatively low operational security bar enables swift identification of their tools,” Delamotte said.

“Individuals and organisations connected to diplomatic, military, or activist matters in the India and Pakistan regions should evaluate defence against this actor and threat,” he added.






FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! Todays Chronic is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – todayschronic.com. The content will be deleted within 24 hours.

Leave a Comment