According to reports from The Hacker News, a hacking operation linked to Pakistan, known as Transparent Tribe, has been utilizing malicious Android apps to deploy the CapraRAT spyware in a new surveillance campaign targeting gamers and weapons enthusiasts.
CapraRAT Hidden in Popular Apps
The attacks involved hiding CapraRAT within popular apps such as “Crazy Game,” “Sexy Videos,” “Weapons,” and “TikToks” APKs. When these apps were opened, they would redirect users to YouTube or the crazygames[.]com website while exploiting various permissions for location, SMS, call log access, phone calls, audio and video recording, and screenshot capturing, as revealed in a report by SentinelOne.
A Shift in Tactics
Unlike previous campaigns, the recent intrusions did not require account authentication or package installations, indicating Transparent Tribe’s shift towards surveillance activities, as noted by SentinelOne researcher Alex Delamotte. Delamotte also pointed out that the decision to target newer versions of the Android OS makes sense, as the group continues to focus on individuals within the Indian government or military who are less likely to use older Android versions like Lollipop, which was released 8 years ago.
This new approach underscores the evolving nature of cyber threats and the importance of staying vigilant against malicious Android apps. As Transparent Tribe continues to refine its tactics, it remains crucial for users to be aware of the potential risks associated with downloading and using seemingly innocuous applications.