
Transparent Tribe Spread CapraRAT Via Fake Messaging Apps

Campaign Mainly Targets Indian and Pakistani Android Users With Romance Honey Trap

A cyberespionage campaign using Trojanized apps implanted with a backdoor to exfiltrate sensitive data is making the rounds in India and Pakistan.


Cybersecurity firm Eset tracked the Pakistan-linked advanced persistent threat group Transparent Tribe running a romance scam through fake Android apps branded to appear as MeetsApp and MeetUp. The campaign mainly targets Indian and Pakistani Android users. The apps contain CapraRAT spyware, a modified version of the open-source AndroRAT, which is similar to CrimsonRAT.

"Victims were probably targeted through a honey-trap romance scam, where they were initially contacted on another platform and then convinced to use supposedly 'more secure' apps, which they were then lured into installing," write Eset researchers.

Active since 2016, Transparent Tribe is also known as APT36 and Earth Karkaddan and performs cyberespionage operations to collect sensitive information that supports Pakistani military and diplomatic interests.

Eset says poor operational security around the Trojanized apps exposed users' personally identifiable information, allowing researchers to find the location of 150 victims. Most were located in India, but there were also individuals in Pakistan, Oman, Egypt and Russia.


About the Author

Anviksha More

Senior Subeditor, ISMG Global News Desk

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.



