Pakistani-Backed Group Targets Indian Android Users with CapraRAT Malware

03 Jul 2024

A politically motivated threat actor has recently launched a new malware campaign targeting Android devices, according to researchers at SentinelLabs. The hacking crew behind this campaign, known as Transparent Tribe and backed by the Pakistani state, has introduced a new tool called CapraRAT. This trojan is designed to spy on user activity, with users in India as its primary targets.

Disguised as Popular Apps

Similar to previous campaigns by Transparent Tribe, CapraRAT disguises itself as popular Android apps such as TikTok, Forgotten Weapons, a "Sexy Videos" app, and a mobile game called "Crazy Games." When users launch the malware, the fake app redirects the device to a legitimate-looking site or YouTube channel to deceive the targets.

Despite being classified as a remote access trojan (RAT), researchers believe that CapraRAT is being used more as spyware and a surveillance tool rather than a backdoor or remote control malware. The malware is capable of tracking GPS positions, reading SMS messages and contacts, managing network connections, and monitoring user browsing.

Common Tactics and Sophisticated Coding

Using fake apps to conceal malware is a common tactic for infecting mobile devices. Transparent Tribe had previously conducted a trojan campaign involving another saucy videos app. The latest campaign includes the use of the Sexy Videos app, which launches YouTube with a related query.

The SentinelLabs team observed that the malware writers are becoming more skilled and sophisticated in their coding practices. The apps from the new campaign ran smoothly on the latest version of Android, although they display a compatibility warning dialog that could raise suspicion among victims.

Precautionary Measures

Users are advised to download software only from trusted app stores and to be cautious of apps that request unusually invasive permissions and hardware access.
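One way a reviewer or app vetting pipeline can turn the "unusually invasive permissions" advice into a concrete check is to compare an app's declared permissions against the capability profile described above (GPS, SMS, contacts, network control, hardware access). The following is an added example, not code from SentinelLabs or from the article; the manifests are constructed samples and the capability-to-permission mapping and the threshold are assumptions.

```python
"""Flag Android manifests whose permission set matches a CapraRAT-style surveillance profile."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability groups named in the report, mapped to the Android permissions that
# implement them (permission names are real Android constants; the grouping is ours).
CAPABILITY_PERMISSIONS = {
    "gps_tracking": {"android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.ACCESS_COARSE_LOCATION"},
    "sms_reading": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "network_control": {"android.permission.CHANGE_NETWORK_STATE",
                        "android.permission.CHANGE_WIFI_STATE"},
    "hardware_capture": {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"},
}

# Constructed sample: a "video player" that asks for spyware-grade permissions.
SPYWARE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.videos">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
</manifest>"""

# Constructed sample: a video app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""


def manifest_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}


def surveillance_capabilities(perms: set) -> list:
    """List which surveillance capability groups the permission set enables."""
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed)


def is_suspicious(manifest_xml: str, threshold: int = 3) -> bool:
    """Assumed rule: three or more surveillance capabilities in one app warrants review."""
    return len(surveillance_capabilities(manifest_permissions(manifest_xml))) >= threshold
```

Run it over a decoded AndroidManifest.xml (for example from apktool output) rather than the binary manifest inside the APK.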

Update: 03 Jul 2024