Pakistan-linked hackers using these three apps as spywares to target Android users in INDIA

A Pakistan-linked hacker group named ‘Transparent Tribe’ is using fake Android apps and mimicking YouTube to spread the CapraRAT mobile remote access trojan (RAT).

Transparent Tribe also known as APT36. They target Indian entities for intelligence-gathering purposes, relying on an arsenal of tools capable of infiltrating Windows, Linux, and Android systems. According to PCrisk, CapraRAT is the name of an Android remote access that’s been active since 2013 and typically targets military and diplomatic personnel in both India and Pakistan. It is known that CapraRAT is used by an advanced persistent threat group (ATP) called APT36.

CapraRAT Doing RAT Things

Two of the packages aim to trick users and make them download what they think is the legitimate YouTube app, and a third uses romance-based social engineering by reaching out to a YouTube channel belonging to a persona called “Piya Sharma,” which includes uploads of several short clips of a woman in various locations. In a campaign earlier this year, the group also distributed CapraRAT via Android apps disguised as a dating service, which has become a common lure theme for delivering the malware. Once downloaded, the malicious app requests several device permissions, some that make sense for YouTube, like, taking photos and videos, and gaining microphone access. Other requested permissions, like, the ability to send, receive, and read SMS messages. 

“These apps mimic the appearance of YouTube, though they are less fully featured than the legitimate native Android YouTube application,” SentinelLabs security researcher Alex Delamotte has said.

Defense Measures against These Spywares

Android users should never install Android applications distributed outside of the Google Play store and should avoid downloading new social media applications advertised in various social media communities. In addition to those people also should evaluate the permissions requested by an application that they download. To make sure that they are safe people should never install a third-party version of an application that’s already present on their device.