CATEGORIES
home News

CapraRAT Malware Targets Android Users By Spoofing YouTube, What You Need To Know

by Nathan OrdTuesday, September 19, 2023, 12:01 PM EDT
pakistani hackers using android apps to deliver spyware
If it doesn’t come directly from the Google Play Store, do not download or install whatever application it is. This simple rule could protect you from malware such as that from the Transparent Tribe, a suspected Pakistani threat actor who is hiding remote access tool (RAT) features inside another application that appears to be legitimate.

The Transparent Tribe is believed to be a Pakistani group or actor that is targeting both military and diplomatic individuals in Pakistan as well as India. The goal of the threat actor(s) is to spear-phish targets “privy to affairs involving the disputed region of Kashmir, as well as human rights activists working on matters related to Pakistan,” according to the SentinelLABS report. In this endeavor, the group has employed CapraRAT, an Android RAT that is disguised as a legitimate application.

youtube pakistani hackers using android apps to deliver spyware
One of the CapraRAT APKs steals YouTube's icon and loads YouTube in a webpage in app.

Previously, CapraRAT was disguised as a dating service that was hosted on Transparent Tribe websites, utilizing social engineering techniques to get users to download the malware. Now, though, it appears that CapraRAT is disguising itself as the YouTube app wholesale or spoofing an app for a YouTube channel belonging to Piya Sharma. This latter version of CapraRAT indicates to the SentinelLABS team that “the actor continues to use romance-based social engineering techniques to convince targets to install the applications, and that Piya Sharma is a related persona.”

perms pakistani hackers using android apps to deliver spyware
The Piya Sharma version of CapraRAT requests many permissions to enable spying and snooping.

Regardless of how CapraRAT might get onto your device, it is rather spooky if it does manage to get installed. The researchers note that CapraRAT can record with the microphone or any camera, collect or send SMS and MMS messages, read call logs or initiate phone calls, take screenshots, override system settings, and modify files on the phone. Any collected data is then sent off to the Transparent Tribe command-and-control (C2) servers, which have been associated with the group for some time.

With this information in mind, SentinelLABS recommends, "Individuals and organizations connected to diplomatic, military, or activist matters in the India and Pakistan regions should evaluate defense against this actor and threat.” However, this is also a good opportunity for everyone in the Android ecosystem to know that threat actors are leveraging non-Play Store-distributed Android apps to deliver malware. As such, users should not install apps outside the Play Store and be wary of social engineering techniques that might get people to install an overly-permissive Android app that could prove to be a security risk.
Tags:  Android, security, Spyware, (nasdaq:goog)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment