Trojanized messaging apps used for CapraRAT deployment

Suspected Pakistani advanced persistent threat operation Transparent Tribe, also known as APT36, Mythic Leopard, and Operation C-Major, has leveraged trojanized messaging apps MeetUp and MeetsApp to facilitate distribution of the CapraRAT backdoor to Android device users in India and Pakistan, The Hacker News reports. Individuals targeted by the ongoing cyberespionage campaign have been lured to download the CapraRAT malware-laced messaging apps from fraudulent websites via a honeytrap romance scam, according to an ESET report. CapraRAT, which was found to have similarities with the CrimsonRAT Windows malware, features screenshot and photo capturing, phone call and audio recording, and data exfiltrating capabilities. Prior to the ongoing cyberespionage campaign, Transparent Tribe has been noted to be involved in malicious Kavach two-factor authentication tool attacks against Indian government entities. Indian government organizations were also noted by ThreatMon to be recently subjected to a spear-phishing campaign by SideCopy attackers aimed at distributing an updated ReverseRAT backdoor.