A new report earlier this week revealed the re-emergence of the CapraRAT spyware, which targets mobile gamers and weapons enthusiasts through malicious Android applications.
CapraRAT is a notorious Android remote access trojan (RAT) used by the Transparent Tribe threat group. This threat group, also known as APT36, allegedly operates in Pakistan and first appeared in 2018.
These threat actors commonly use the malware for surveillance, specifically against individuals connected to the Indian government and military and against human rights initiatives.
The operators initially propagated this RAT through bogus dating apps and social engineering techniques. Over time, however, the group broadened its strategy to include YouTube-mimicking apps. The attackers used these bogus apps to conduct massive data heist campaigns and malware activities on compromised devices.
The CapraRAT spyware reappeared in video browsing apps that contain lures for deceiving Android users.
Investigations have recently uncovered four new CapraRAT spyware Android Package Kits (APKs). These kits follow the same campaign pattern the attackers have used before: embedding malware in video browsing applications.
Researchers stated that the four new CapraRAT Android Package Kits, which include Crazy Game, Sexy Videos, TikToks, and Weapons, are attacker-generated apps that contain spyware designed to harvest personal data and monitor user activity.
CapraRAT APKs operate by embedding spyware within video browsing applications and leveraging WebView to launch URLs that appear legitimate, such as YouTube or CrazyGames.com.
The malicious programs require broad privileges, such as access to the victim’s GPS position and contacts and the capability to record audio and video. These privileges allow the spyware to capture sensitive data on the compromised smartphone and exfiltrate it, which is how the malware operators steal data.
Furthermore, the researchers stated that these APKs also capitalise on Transparent Tribe’s social engineering tactics for delivering spyware, with minor changes to improve compatibility with newer Android devices and target a broader audience.
Android users should exercise caution when installing apps from unofficial sources and carefully review the permissions required by every app to avoid CapraRAT and other malicious downloads. Users should only download apps from reputable sources, such as the Google Play Store, to prevent or mitigate the risk posed by harmful software.
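The permission review advised above can be automated when triaging an APK. The following is an added example, not code from the report: it assumes the manifest has already been decoded to text XML, maps standard Android permission names to the capabilities the article lists, and uses a constructed sample manifest and an assumed threshold of three capabilities.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from standard Android permissions to the capabilities
# the article lists (GPS position, contacts, audio and video recording).
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.CAMERA": "video recording",
}

# Constructed sample: decoded manifest of a hypothetical video browsing app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.videobrowser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
  <application android:label="Video Browser"/>
</manifest>"""


def review_permissions(manifest_xml, threshold=3):
    """Return the sensitive capabilities a manifest requests and whether
    their count reaches the (assumed) review threshold."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    # Both elements declare permissions; the second applies on API 23+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                requested.add(name)
    capabilities = sorted({SENSITIVE[p] for p in requested if p in SENSITIVE})
    return {
        "package": root.get("package"),
        "capabilities": capabilities,
        "flag": len(capabilities) >= threshold,
    }


if __name__ == "__main__":
    print(review_permissions(SAMPLE_MANIFEST))
```

A flag here is a prompt for manual review, not a verdict: legitimate apps can also request several of these permissions, so the result should be weighed against what the app claims to do.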