Trojanized apps used for CapraRAT spyware delivery

Malicious Android Apps Used by Transparent Tribe for Surveillance Campaign

The Hacker News reports that Transparent Tribe, a hacking operation linked to Pakistan, has been using malicious Android apps to deploy the CapraRAT spyware in a new surveillance campaign targeting gamers and weapons enthusiasts.

The attacks hid CapraRAT within APKs for popular apps such as “Crazy Game,” “Sexy Videos,” “Weapons,” and “TikToks.” When opened, these apps redirected users to YouTube or the crazygames[.]com website while exploiting permissions for location, SMS and call log access, phone calls, audio and video recording, and screenshot capture, according to a report by SentinelOne.
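For defenders vetting sideloaded APKs, the permission mix described above can be checked against an app's manifest. The following is an added example, not code from SentinelOne or the original article; it assumes the manifest has already been decoded to text XML (for instance with apktool), and the function names, the threshold of 4 and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest permissions behind the capabilities the report lists. Screenshot
# capture has no single manifest permission, so it is not covered here.
CAPABILITIES = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "sms": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
            "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "phone_calls": {"android.permission.CALL_PHONE"},
    "audio_recording": {"android.permission.RECORD_AUDIO"},
    "video_recording": {"android.permission.CAMERA"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml, threshold=4):
    """Flag a manifest that combines `threshold` (assumed value) or more capabilities."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & names)
            for cap, names in CAPABILITIES.items() if perms & names}
    return {"capabilities": hits, "flagged": len(hits) >= threshold}

def _manifest(package, permissions):
    """Build a constructed sample manifest (not taken from any real APK)."""
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

# Constructed samples: an over-privileged "video" app and a plain camera app.
VIDEO_APP = _manifest("com.example.videos", ["INTERNET", "ACCESS_FINE_LOCATION",
    "READ_SMS", "READ_CALL_LOG", "CALL_PHONE", "RECORD_AUDIO", "CAMERA"])
CAMERA_APP = _manifest("com.example.camera", ["INTERNET", "CAMERA"])

if __name__ == "__main__":
    print(triage(VIDEO_APP), triage(CAMERA_APP))
```

A flag here is a prompt for manual review of an app whose stated purpose does not explain the permissions, not a verdict that the app is CapraRAT.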

Unlike previous campaigns, the recent intrusions did not require account authentication or package installations, indicating Transparent Tribe’s shift towards surveillance activities, as noted by SentinelOne researcher Alex Delamotte.

Delamotte also pointed out that the decision to target newer versions of the Android OS makes sense, as the group continues to focus on individuals within the Indian government or military who are less likely to use older Android versions like Lollipop, which was released 8 years ago.

AppWizard