'Transparent Tribe', a suspected Pakistan-linked hacker is reportedly using malicious Android apps mimicking YouTube to spread the CapraRAT mobile remote access trojan (RAT). According to the cybersecurity company SentinelOne, the CapraRAT toolset has been used for surveillance against spear-phishing targets privy to affairs involving Kashmir, as well as human rights activists working on matters related to Pakistan. Trend Micro, their research team noted that CapraRAT may be loosely based on the AndroRAT source code.
The hacker group is known for targeting military and diplomatic personnel in both India and Pakistan. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," said security researcher Alex Delamotte. CapraRAT is an Android framework that hides RAT features inside of another app. This means that these dangerous apps are not there on Google Play Store. According to the report, Transparent Tribe hackers spreads these Android apps outside of the Google Play Store, relying on self-run websites and social engineering techniques to lure users to install According to the report, Transparent Tribe spreads Android apps outside of the Google Play Store, relying on self-run websites and social engineering to lure users to install these fake apps. This means these are APK files of fake versions of popular Android apps. The latest set of Android package (APK) files discovered by SentinelOne are engineered to masquerade as YouTube, one of which reaches out to a YouTube channel belonging to "Piya Sharma.
The app is reportedly named after its namesake, indicating that hackers are using romance-based phishing techniques to trap targets into installing these apps.
The list of apps is as follows:
* com.Base.media.service
* com.moves.media.tubes
* com.videos.watchs.share
How these apps track Android users activity
* Record with the microphone, front and rear cameras
* Collect SMS and multimedia message contents, call logs
* Send SMS messages, block incoming SMS
* Initiate phone calls
* Take screen captures
* Override system settings such as GPS and Network
* Modify files on the phone’s filesystem
The hacker group is known for targeting military and diplomatic personnel in both India and Pakistan. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," said security researcher Alex Delamotte. CapraRAT is an Android framework that hides RAT features inside of another app. This means that these dangerous apps are not there on Google Play Store. According to the report, Transparent Tribe hackers spreads these Android apps outside of the Google Play Store, relying on self-run websites and social engineering techniques to lure users to install According to the report, Transparent Tribe spreads Android apps outside of the Google Play Store, relying on self-run websites and social engineering to lure users to install these fake apps. This means these are APK files of fake versions of popular Android apps. The latest set of Android package (APK) files discovered by SentinelOne are engineered to masquerade as YouTube, one of which reaches out to a YouTube channel belonging to "Piya Sharma.
The app is reportedly named after its namesake, indicating that hackers are using romance-based phishing techniques to trap targets into installing these apps.
The list of apps is as follows:
* com.Base.media.service
* com.moves.media.tubes
* com.videos.watchs.share
How these apps track Android users activity
* Record with the microphone, front and rear cameras
* Collect SMS and multimedia message contents, call logs
* Send SMS messages, block incoming SMS
* Initiate phone calls
* Take screen captures
* Override system settings such as GPS and Network
* Modify files on the phone’s filesystem
