Transparent Tribe

Tech Optimizer
December 19, 2024
Cyber attackers are increasingly using malicious LNK files, which disguise themselves as harmless shortcuts, as an infection vector in 2024. Security experts, particularly Cyble Research and Intelligence Labs (CRIL), have noted a significant rise in this tactic. Attackers leverage LNK files to gain access to systems, triggering malicious actions that can deploy advanced malware. This method reflects a shift in attack vectors aimed at bypassing traditional security measures.

One primary technique in these attacks is the exploitation of Living-off-the-Land Binaries (LOLBins), which are trusted system binaries manipulated to execute harmful commands without external malware. Attackers have refined their methods to evade detection by endpoint detection and response (EDR) solutions. Recent campaigns have incorporated SSH commands within malicious LNK files, allowing attackers to establish persistent connections and download malicious files from remote servers. This use of SSH is concerning as it is not typically associated with Windows systems, making it harder for conventional security measures to detect. Threat actors have also used SSH commands to execute malicious PowerShell or CMD commands indirectly through LNK files. For example, a malicious LNK file was found to trigger a PowerShell script that downloaded a malicious payload.

Advanced Persistent Threat (APT) groups, known for their long-term cyber espionage, are increasingly utilizing these techniques, with groups like Transparent Tribe deploying stealer malware using similar methods. The combination of LNK files and SSH commands presents a significant threat to organizations, necessitating enhanced monitoring and detection systems to identify abnormal activities. Security teams must evolve EDR solutions to recognize malicious SSH and SCP activity, especially in environments where SSH is not commonly used. Additionally, organizations should restrict the use of legitimate SSH utilities and disable unnecessary features to minimize the attack surface.
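The detection advice above (flag SSH and SCP client activity where it is not expected, and flag it when it is launched by the Windows shell or spawns a command interpreter) can be expressed as a small rule set over process-creation telemetry. The following Python is an added illustration, not code from the article or from CRIL. The pipe-delimited `parent=...|image=...|cmd=...` event format and the sample events are constructed for the example; a real deployment would read Sysmon or EDR process-creation records instead. The `ssh_expected` flag models whether SSH is normal in the monitored environment.

```python
"""Rule-based triage of process-creation events for Windows OpenSSH client abuse.

Added example (not from the original article). Event format and samples are
constructed; map real Sysmon/EDR fields onto ProcEvent before use.
"""
from dataclasses import dataclass

# Built-in Windows OpenSSH client binaries the article calls out.
SSH_CLIENT_BINARIES = {"ssh.exe", "scp.exe"}
# Command interpreters the article says were launched indirectly via SSH.
SHELL_BINARIES = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# A double-clicked .lnk is executed by the Windows shell, so explorer.exe
# is the typical parent of a shortcut-launched process.
SHELL_LAUNCHERS = {"explorer.exe"}


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str = ""


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed 'key=value|key=value' event line."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")  # values may contain '='
        fields[key.strip()] = value.strip()
    return ProcEvent(fields["parent"], fields["image"], fields.get("cmd", ""))


def classify(ev: ProcEvent, ssh_expected: bool = False) -> list[str]:
    """Return the list of reasons an event is suspicious (empty if benign)."""
    reasons = []
    image = basename(ev.image)
    parent = basename(ev.parent_image)
    if image in SSH_CLIENT_BINARIES:
        if not ssh_expected:
            reasons.append("ssh/scp client started where SSH is not normally used")
        if parent in SHELL_LAUNCHERS:
            reasons.append("ssh/scp client started by the Windows shell, "
                           "consistent with a double-clicked shortcut")
        if any(s in ev.command_line.lower() for s in SHELL_BINARIES):
            reasons.append("ssh/scp command line references a local shell interpreter")
    if parent in SSH_CLIENT_BINARIES and image in SHELL_BINARIES:
        reasons.append("shell interpreter spawned by the ssh/scp client")
    return reasons


def scan(lines, ssh_expected: bool = False):
    """Run classify() over event lines; return (event, reasons) for hits only."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        reasons = classify(ev, ssh_expected)
        if reasons:
            findings.append((ev, reasons))
    return findings


# Constructed sample telemetry (203.0.113.10 is a documentation-range address).
SAMPLE_EVENTS = [
    r"parent=C:\Windows\explorer.exe|image=C:\Windows\System32\notepad.exe|cmd=notepad.exe report.txt",
    r"parent=C:\Windows\explorer.exe|image=C:\Windows\System32\OpenSSH\ssh.exe|cmd=ssh.exe user@203.0.113.10",
    r"parent=C:\Windows\System32\OpenSSH\ssh.exe|image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|cmd=powershell.exe -File C:\Users\Public\update.ps1",
    r"parent=C:\Users\admin\AppData\Local\Microsoft\WindowsApps\wt.exe|image=C:\Windows\System32\OpenSSH\ssh.exe|cmd=ssh.exe admin@bastion.example.internal",
]

if __name__ == "__main__":
    for expected in (False, True):
        print(f"--- ssh_expected={expected} ---")
        for ev, reasons in scan(SAMPLE_EVENTS, ssh_expected=expected):
            print(basename(ev.parent_image), "->", basename(ev.image))
            for r in reasons:
                print("   ", r)
```

With `ssh_expected=False` the scan flags three of the four events (the two OpenSSH launches and the PowerShell child of ssh.exe); with `ssh_expected=True` the administrator's terminal session drops out and only the shell-launched client and the interpreter it spawned remain, which is the behaviour an environment that does use SSH would want.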
AppWizard
July 18, 2024
The CapraRAT spyware attack campaigns, known as the CapraTube campaign, were discovered by SentinelOne in September 2023. The spyware is disguised as popular Android apps like YouTube and has advanced capabilities to access sensitive data such as call logs, messages, and locations. The spyware can also record audio or video, take screenshots, and make phone calls. The use of sophisticated techniques by threat actors highlights the increasing severity of cyber espionage tactics.
AppWizard
July 4, 2024
A politically motivated threat actor known as Transparent Tribe, backed by the Pakistani state, has launched a new malware campaign targeting Android devices. The malware, called CapraRAT, disguises itself as popular apps and is designed to spy on user activity, particularly focusing on users in India. CapraRAT is capable of tracking GPS positions, reading SMS messages and contacts, managing network connections, and monitoring user browsing. Researchers believe it is being used more as a spyware and surveillance tool than as a remote access trojan. Users are advised to only download software from trusted app stores and to be cautious of apps that request unusually invasive permissions and hardware access.
AppWizard
July 2, 2024
Transparent Tribe, a hacking operation linked to Pakistan, has been using malicious Android apps to deploy the CapraRAT spyware in a surveillance campaign targeting gamers and weapons enthusiasts. The attacks involved hiding CapraRAT within popular apps like "Crazy Game," "Sexy Videos," "Weapons," and "TikToks" APKs, exploiting various permissions for location, SMS, call log access, phone calls, audio and video recording, and screenshot capturing. The recent intrusions did not require account authentication or package installations, indicating a shift towards surveillance activities. Targeting newer versions of the Android OS makes sense as Transparent Tribe focuses on individuals within the Indian government or military who are less likely to use older Android versions like Lollipop.
AppWizard
July 1, 2024
- Transparent Tribe continues malware campaign targeting Android users
- Group embedding spyware into curated video browsing applications targeting mobile gamers, weapons enthusiasts, and TikTok fans
- Campaign dubbed CapraTube delivering spyware called CapraRAT
- CapraRAT used in attacks targeting Indian government and military personnel
- New malicious APK files identified
- CapraRAT abusing permissions to access sensitive data
- Malware developers focusing on making the tool more reliable and stable
- Snowblind, a novel type of Android banking malware, discovered using seccomp technique to bypass anti-tampering mechanisms
- Malware authors in Southeast Asia becoming extremely sophisticated