Alert: Pakistan-linked hackers are using these apps to target Android users in India, report says
In a recent cybersecurity case, a notorious hacker group known as ‘Transparent Tribe,’ believed to be operating out of Pakistan, has raised concerns by distributing fake Android applications that pose as YouTube. The goal of this deception is to spread the CapraRAT mobile remote access trojan (RAT).
According to SentinelOne, a prominent cybersecurity firm, the CapraRAT toolset used by this group has been used to conduct surveillance on specific targets related to Kashmir, as well as on human rights activists engaged in issues related to Pakistan.
“CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects,” security researcher Alex Delamotte was quoted as saying by GadgetsNow.
Transparent Tribe hackers are spreading fake, malicious Android apps that are not available on the Google Play Store. These apps are tailor-made to hide harmful Remote Access Trojan (RAT) features, which help attackers gain remote control over the target’s phone.
com.Base.media.service, com.moves.media.tubes and com.videos.watchs.share are some of the malicious apps you should be aware of. These apps record the victim’s activity through various means, such as recording voices through the microphone, gaining access to images through the camera, siphoning SMS messages and even blocking incoming SMS, initiating phone calls, taking screen grabs and more. In effect, the fake apps give attackers full control over the target’s phone.
According to the report, the Transparent Tribe hackers distribute these Android apps through their own websites and by manipulating unsuspecting users through social engineering tactics. The aim is to trick people into downloading and installing what appear to be legitimate applications but are in reality APK (Android Package) files containing fake versions of well-known Android apps.
What makes this Android attack even more concerning is that these fake apps pose as popular Android apps such as YouTube, a widely used platform for videos.
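For defenders reviewing a device's app inventory, the traits described above (the three listed package names, a YouTube label on a non-official package, and microphone, camera, SMS and call access) can be combined into one check. This is an added example, not code from SentinelOne or the report; the inventory format, the sample entries and the three-permission threshold are assumptions, and com.example.constructed.video is a made-up package name.

```python
# Package names listed in the article as malicious.
KNOWN_BAD = {"com.base.media.service", "com.moves.media.tubes", "com.videos.watchs.share"}
OFFICIAL_YOUTUBE = "com.google.android.youtube"  # genuine YouTube package
PLAY_STORE = "com.android.vending"               # Google Play installer package
# Android permissions matching the capabilities the article describes.
SURVEILLANCE_PERMS = {
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.CALL_PHONE",
}

def assess(app):
    """Return the reasons one inventory entry looks like a CapraRAT-style fake."""
    reasons = []
    pkg = app["package"]
    if pkg.lower() in KNOWN_BAD:  # tolerate tools that normalise case
        reasons.append("package name listed in the report")
    if "youtube" in app["label"].lower() and pkg != OFFICIAL_YOUTUBE:
        reasons.append("YouTube label on a non-official package")
    hits = SURVEILLANCE_PERMS & set(app["permissions"])
    if len(hits) >= 3:  # assumed threshold, tune for your fleet
        reasons.append("surveillance permission set: " + ", ".join(sorted(hits)))
    # Sideloading alone is common, so it only strengthens another finding.
    if reasons and app.get("installer") != PLAY_STORE:
        reasons.append("installed outside Google Play")
    return reasons

def scan(inventory):
    """Map package name -> reasons, for flagged entries only."""
    findings = {app["package"]: assess(app) for app in inventory}
    return {pkg: why for pkg, why in findings.items() if why}

# Constructed sample inventory (hypothetical export format, not real device data).
SAMPLE = [
    {"package": OFFICIAL_YOUTUBE, "label": "YouTube", "installer": PLAY_STORE,
     "permissions": ["android.permission.CAMERA", "android.permission.RECORD_AUDIO"]},
    {"package": "com.moves.media.tubes", "label": "YouTube", "installer": None,
     "permissions": sorted(SURVEILLANCE_PERMS)},
    {"package": "com.example.constructed.video", "label": "YouTube", "installer": None,
     "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.constructed.camera", "label": "Camera", "installer": PLAY_STORE,
     "permissions": ["android.permission.CAMERA", "android.permission.RECORD_AUDIO"]},
]

if __name__ == "__main__":
    for pkg, why in scan(SAMPLE).items():
        print(pkg, "->", "; ".join(why))
```

The label check catches repackaged fakes whose package names are not in the list, which matters because package names are trivial for the operators to change.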