Transparent Tribe launches a new #Android malware campaign, targeting mobile users with #CapraRAT #spyware disguised as popular apps.

https://thehackernews.com/2024/07/caprarat-spyware-disguised-as-popular.html

#cybersecurity #hacking

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

Discover how Transparent Tribe's latest Android malware campaign targets mobile users, and learn about new threats like Snowblind in Southeast Asia.

The Hacker News

"🔥 CapraTube Alert! Transparent Tribe's Sneaky Move 📺📲"

Transparent Tribe, a suspected Pakistani actor, has unveiled CapraTube, a deceptive Android application that mimics YouTube. SentinelLabs discovered three Android application packages (APKs) linked to Transparent Tribe's CapraRAT mobile remote access trojan (RAT). These apps give the illusion of being YouTube but are far less feature-rich than the genuine Android YouTube app.

CapraRAT is a potent tool, granting attackers control over vast amounts of data on infected Android devices. This RAT has been used for surveillance against targets related to the disputed Kashmir region and human rights activists focusing on Pakistan. The group distributes these Android apps outside the Google Play Store, using self-hosted websites and social engineering to lure users into installing weaponized applications.

In 2023, the group spread CapraRAT Android apps disguised as a dating service that carried out spyware activities. One of the newly identified APKs connects to a YouTube channel owned by Piya Sharma, suggesting the actor continues to employ romance-based social engineering tactics.

Key features of CapraRAT include:

  • Recording via microphone, front & rear cameras 🎥
  • Collecting SMS, multimedia message contents, call logs 📞
  • Sending SMS messages, blocking incoming SMS 📩
  • Initiating phone calls 📲
  • Taking screen captures 🖼️
  • Overriding system settings like GPS & Network 🛰️
  • Modifying files on the phone's filesystem 📁

For those in the India and Pakistan regions linked to diplomatic, military, or activist matters, it's crucial to be cautious of this actor and threat. Always be wary of apps outside the Google Play store and evaluate the permissions they request.

Source: SentinelOne Labs

Tags: #CapraTube #TransparentTribe #CapraRAT #CyberSecurity #AndroidMalware #SentinelLabs #MobileSecurity #APT 🌐🔐📱

Author: Alex Delamotte.

CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones

Pakistan-aligned threat actor weaponizes fake YouTube apps on the Android platform to deliver mobile remote access trojan spyware.

SentinelOne

[IOC] 4 new indicators improve the understanding of CapraRAT https://vuldb.com/?actor.caprarat #caprarat #apt #cti #ioc

CapraRAT Analysis

Predictive activity analysis of CapraRAT in social media, private forums, chat rooms, and darknet markets.

Today, @ESETresearch identified an active #TransparentTribe #APT36 campaign targeting Indian and Pakistani officials through fake Android “secure messaging” apps in a romance scam, distributing the #CapraRAT backdoor - More at WeLiveSecurity:

https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/

Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials | WeLiveSecurity

ESET researchers analyze a campaign that has been distributing CapraRAT backdoors through trojanized and supposedly secure Android messaging apps.

WeLiveSecurity