Fake YouTube apps leveraged for CapraRAT malware distribution

Malicious Android apps impersonating YouTube have been used by Pakistan-linked hacking operation APT36, also known as Transparent Tribe, to facilitate the deployment of its CapraRAT backdoor in its cyberespionage operations against India and Pakistan, BleepingComputer reports. APT36 has been using third-party sites to distribute the APKs of the three trojanized apps, two of which were dubbed "YouTube" and the other called "Piya Sharma," which sought several risky permissions during installation, according to a SentinelLabs report. CapraRAT then proceeds not only to use devices' microphones and cameras to facilitate recording, gather SMS and multimedia messages and call logs, commence phone calls, and deliver and block SMS, but also perform screen captures, alter file system files, and override system settings, said researchers, who said that the observed enhancements in the CapraRAT malware used in the new campaign. Novel apps continuously leveraged by APT36 were also noted by researchers to counter its lack of operational security measures.