Summary: The report warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications.
Threat Actor: Transparent Tribe, also known as APT36 | Transparent Tribe
Victim: Mobile gamers and weapons enthusiasts | Mobile gamers and weapons enthusiasts
Key Point :
- The CapraRAT spyware, used by Transparent Tribe, is primarily used for surveillance and has targeted Indian government and military personnel and human rights activists.
- The malware was initially distributed through fake dating apps and has now expanded to include YouTube-mimicking applications for data harvesting and spyware activities.
- SentinelLabs has identified four new CapraRAT Android Package Kits that continue to embed spyware in video applications.
A new report released today by SentinelLabs, the research arm of listed cybersecurity company SentinelOne Inc., warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications.
CapraRAT is an Android remote-access trojan virus used by a Pakistan-linked threat actor called Transparent Tribe, also known as APT36, which first emerged around 2018. The malware has primarily been used for surveillance, targeting Indian government and military personnel and human rights activities.
CapraRAT was initially distributed via fake dating apps and social engineering tactics. Over time, the group expanded its approach to include YouTube-mimicking applications, leveraging these fake apps to perform extensive data harvesting and spyware activities on the infected devices.
Recently, SentinelLabs has identified four new CapraRAT Android Package Kits that are building on the attack group’s trend of continuing to embed spyware in video browsing applications. The four new CapraRAT Android Package Kits — Crazy Game, Sexy Videos, TikToks and Weapons (pictured) — embed spyware that targets mobile gamers, weapons enthusiasts and TikTok fans, aiming to collect sensitive data and monitor user activities.
The CapraRAT APKs work by embedding spyware within video browsing applications, using WebView to launch URLs that appear legitimate, such as YouTube or CrazyGames.com. The malicious apps request extensive permissions, including access to GPS location and contacts and the ability to record audio and video, enabling the spyware to collect and exfiltrate sensitive data from the victim’s device.
The SentinelLabs research notes that the APKs continue Transparent Tribe’s tactics of social engineering to deliver their spyware, making minor updates to enhance compatibility with newer Android versions and target a broader audience.
To avoid CapraRAT and other malicious downloads, users are advised to be cautious when downloading apps from unofficial sources and to scrutinize the permissions requested by any app. Making sure that apps are downloaded from trusted sources, such as the Google Play Store, can help mitigate the risk of installing such malicious software.
Images: SentinelLabs
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU
“An interesting youtube video that may be related to the article above”