Summary: An APT group linked to Pakistan, referred to as APT36 or Transparent Tribe, has launched a fake website mimicking India’s postal system to infect users on both Windows and Android platforms. The site delivers malware through a deceptive PDF for Windows users and a malicious app for Android users, both of which are designed to harvest sensitive information. This campaign exemplifies the emerging tactic of “ClickFix,” which is increasingly used by cybercriminals to exploit unsuspecting users.
Affected: India’s public sector postal system, users of Windows and Android devices
Key points:
- Fraudulent website “postindia[.]site” mimics the India Post postal system.
- Windows users are directed to download a malicious PDF, while Android users are prompted to install a harmful app.
- The Android app disguises its icon and requests extensive permissions to exfiltrate sensitive data.
- APT36 is suspected of using this strategy to target both unaware and technically savvy users.
- The campaign highlights the risks associated with the ClickFix tactic, which is increasingly exploited by various cybercriminals.
Source: https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html