Home Security Clear Tribe Hackers Distribute CapraRAT through Trojanized Messaging Apps

Clear Tribe Hackers Distribute CapraRAT through Trojanized Messaging Apps

by crpt os


Mar 07, 2023Ravie LakshmananSpyware / Cyber Espionage

A suspected Pakistan-aligned advanced persistent threat (APT) group known as Transparent Tribe has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT.

“Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp,” ESET said in a report shared with The Hacker News.

As many as 150 victims, likely with military or political leanings, are estimated to have been targeted, with the malware (com.meetup.app) available to download from fake websites that masquerade as the official distribution centers of these apps.

It’s being suspected that the targets are lured through a honeytrap romance scam wherein the threat actor approaches the victims via another platform and persuades them to install the malware-laced apps under the pretext of “secure” messaging and calling.

However, the apps, besides offering the promised functionality, come implanted with CapraRAT, a modified version of the open source AndroRAT that was first documented by Trend Micro in February 2022 and which exhibits overlaps with a Windows malware known as CrimsonRAT.

CapraRAT backdoor

The backdoor is packed with an extensive set of features that allows it to take screenshots and photos, record phone calls and surrounding audio, and exfiltrate other sensitive information. It can also make calls, send SMS messages, and receive commands to download files.

That having said, users are also required to create an account by linking their phone numbers and completing an SMS verification step in order to access the app’s functionalities.

Discover the Latest Malware Evasion Tactics and Prevention Strategies

Ready to bust the 9 most dangerous myths about file-based attacks? Join our upcoming webinar and become a hero in the fight against patient zero infections and zero-day security events!

RESERVE YOUR SEAT

The Slovak cybersecurity company stated the campaign is narrowly targeted and that it found no evidence that indicates the apps were available on the Google Play Store.

Transparent Tribe, also referred to as APT36, Operation C-Major, and Mythic Leopard, was recently attributed to another set of attacks targeting Indian government organizations with malicious versions of a two-factor authentication solution called Kavach.

The findings also arrive weeks after cybersecurity firm ThreatMon detailed a spear-phishing campaign by SideCopy actors targeting Indian government entities with an aim to deploy an updated version of a backdoor known as ReverseRAT.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex