Transparent Tribe Spread CapraRAT via Fake Messaging Apps
Campaign Mainly Targets Indian and Pakistani Android Users With Romance Honey Trap
Anviksha More (AnvikshaMore) • March 8, 2023
A cyberespionage campaign using Trojanized apps implanted with a backdoor to exfiltrate sensitive data is doing the rounds in India and Pakistan.
Cybersecurity firm Eset tracked Transparent Tribe, a Pakistan-linked advanced persistent threat group, running a romance scam through fake Android apps branded as MeetsApp and MeetUp. The campaign mainly targets Indian and Pakistani Android users. The apps contain CapraRAT spyware, a modified version of the open-source AndroRAT, which is similar to CrimsonRAT.
“Victims were probably targeted through a honey-trap romance scam, where they were initially contacted on another platform and then convinced to use supposedly “more secure” apps, which they were then lured into installing,” write Eset researchers.
Active since 2016, Transparent Tribe is also known as APT36 and Earth Karkaddan. It performs cyberespionage operations with the intent of collecting sensitive information that supports Pakistani military and diplomatic interests.
Eset says poor operational security around the Trojanized apps exposed users' personally identifying information, allowing researchers to find the location of 150 victims. Most were located in India, but among their number were individuals in Pakistan, Oman, Egypt and Russia.