DUBAI, UNITED ARAB EMIRATES, Ma/ / - ESET researchers have analyzed a cyberespionage campaign distributing CapraRAT backdoors through trojanized and supposedly “secure” Android messaging apps that exfiltrate sensitive information. This campaign is still active and is being run by the Transparent Tribe APT group, with the targets being mostly Indian and Pakistani Android users - presumably with a military or political orientation.

The victims were probably targeted through a honey-trap romance scam, in which they were initially contacted on another platform and then convinced to use supposedly “more secure” apps, which they were then lured into installing. ESET researchers were able to geolocate over 150 victims from India and Pakistan as well as from Russia, Oman, and Egypt. The threat campaign most likely has been active since July 2022.

“The victims were persuaded to use the MeetsApp or MeetUp app. We have previously seen such honey-trap baits being used by Transparent Tribe operators against their targets. Finding a mobile number or an email address they can use to make first contact is usually not difficult,” explains ESET researcher Lukáš Štefanko, who discovered the campaign.

Besides the inherent working chat functionality of the original MeetUp and MeetsApp apps, the trojanized versions include malicious code that ESET has identified as that of the CapraRAT backdoor. “We identified this campaign when analyzing a different malware sample posted on Twitter,” says Štefanko.

Transparent Tribe, also known as APT36, is a cyberespionage group known to use CapraRAT. The backdoor can take screenshots and photos, record phone calls and surrounding audio, and exfiltrate any other sensitive information. The backdoor can also receive commands to download files, make calls, and send SMS messages.