Application security, Malware

Trojanized apps used for CapraRAT spyware delivery

Share
A green Google Android figure on digital blur background.

Malicious Android apps have been leveraged by Pakistan-linked hacking operation Transparent Tribe to facilitate the deployment of the CapraRAT spyware as part of a new surveillance campaign against gamers and weapons enthusiasts, reports The Hacker News.

Attacks involved the concealment of CapraRAT within the "Crazy Game," "Sexy Videos," "Weapons," and "TikToks" APKs, which when executed redirect to YouTube or the crazygames[.]com website while exploiting several permissions for location, SMS, and call log access, as well as phone calls, audio and video recording, and screenshot capturing, a report from SentinelOne showed.

Unlike the previous CapraRAT campaign, new intrusions no longer entailed requests for account authentication and package installations, among others, indicating Transparent Tribe's move toward surveillance, according to SentinelOne researcher Alex Delamotte.

"The decision to move to newer versions of the Android OS are logical, and likely align with the group's sustained targeting of individuals in the Indian government or military space, who are unlikely to use devices running older versions of Android, such as Lollipop which was released 8 years ago," said Delamotte.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.