Pak-linked hacker who targets Indian entities spreading malware via fake YouTube apps

According to the cybersecurity company SentinelOne, the CapraRAT toolset has been used for surveillance against spear-phishing targets privy to affairs involving the disputed region of Kashmir, as well as human rights activists working on matters related to Pakistan.

'Transparent Tribe', a suspected Pakistan-linked hacker known for targeting military and diplomatic personnel in both India and Pakistan, is using malicious Android apps mimicking YouTube to spread the CapraRAT mobile remote access trojan (RAT), a new report has shown.

According to the cybersecurity company SentinelOne, the CapraRAT toolset has been used for surveillance against spear-phishing targets privy to affairs involving the disputed region of Kashmir, as well as human rights activists working on matters related to Pakistan.

Advertisement

The hacker most recently targeted the Indian education sector.

"CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," said security researcher Alex Delamotte.

Advertisement

CapraRAT is an Android framework that hides RAT features inside of another application.

According to the report, Transparent Tribe spreads Android apps outside of the Google Play Store, relying on self-run websites and social engineering to lure users to install a weaponised application. 

Advertisement

Earlier this year, the group distributed CapraRAT Android apps disguised as a 'dating service' that conducted spyware activity.

Moreover, the report found that one of the newly identified APKs reached out to a YouTube channel belonging to Piya Sharma, which has several short clips of a woman in various locales. 

Advertisement

This APK also borrowed the individual’s name and likeness, suggesting that the hacker "continues to use romance-based social engineering techniques to convince targets to install the applications, and that Piya Sharma is a related persona".

Upon installation, the apps request intrusive permissions that allow the malware to harvest and exfiltrate sensitive information to a hacker-controlled server with notable features such as -- recording with the microphone, front & rear cameras, collecting SMS and multimedia message contents, call logs, sending SMS messages, blocking incoming SMS, initiating phone calls, and more, the report said.

Advertisement

"Transparent Tribe is a perennial actor with reliable habits. The relatively low operational security bar enables swift identification of their tools," Delamotte said. 

"Individuals and organisations connected to diplomatic, military, or activist matters in the India and Pakistan regions should evaluate defence against this actor and threat," he added.

Advertisement

Read also| Google wants you to map missing roads via Road Mapper globally

Read also| Intel heralds ‘Siliconomy’ era as AI PCs set to dominate our lives

Advertisement

tags
Advertisement