Transparent Tribe Spread CapraRAT Via Fake Messaging AppsCampaign Mainly Targets Indian and Pakistani Android Users With Romance Honey Trap
A cyberespionage campaign using Trojanized apps implanted with a backdoor to exfiltrate sensitive data is making the rounds in India and Pakistan.
Cybersecurity firm Eset tracked the Pakistan-linked advanced persistent threat group Transparent Tribe running a romance scam through fake Android apps branded to appear as MeetsApp and MeetUp. The campaign mainly targets Indian and Pakistani android users. The apps contain CapraRAT spyware, a modified version of the open-source AndroRAT, which is similar to CrimsonRAT.
"Victims were probably targeted through a honey-trap romance scam, where they were initially contacted on another platform and then convinced to use supposedly "more secure" apps, which they were then lured into installing," write Eset researchers.
Active since 2016, Transparent Tribe is also known as APT36 and Earth Karkaddan and performs cyberespionage operations to collect sensitive information that supports Pakistani military and diplomatic interests.
Eset says poor operational security around the Trojanized apps exposed users' personal identifiable information, allowing researchers to find the location of 150 victims. Most were located in India, but there were also individuals in Pakistan, Oman, Egypt and Russia.