The hacker group APT36, also known as Transparent Tribe, is exploiting at least three Android apps passed off as YouTube in order to infect as many devices as possible. The campaign delivers the CapraRAT remote access Trojan through this malicious software.
The malware, once installed on the victim’s device, can collect data, record audio and video, and access sensitive information, with a feature set that makes it behave like spyware.
APT36 is a group aligned with the government of Pakistan, already known for using malicious Android apps and targeted attacks on Indian government entities. This latest campaign was spotted by SentinelLabs, which warns people and organizations connected to the military or diplomacy in India and Pakistan to be very careful about YouTube Android apps hosted on third-party sites.
At least 3 YouTube app clones spread CapraRAT malware
The YouTube clones in question are distributed on sites outside Google Play, as malicious APK files. In some cases the malicious software is simply named “YouTube”; in others it presents itself as an app dedicated to specific channels of the platform that are popular in India.
As is customary for this kind of malware, the apps request numerous sensitive permissions during installation, some of which the victim might grant without suspicion because they look plausible for a media streaming app like YouTube.
Once CapraRAT is installed and active, this malicious agent is capable of:
- record, with the microphone and the front and rear cameras, what happens around the device;
- read SMS messages and call logs;
- send SMS messages and intercept incoming ones;
- initiate phone calls;
- capture screenshots of the display;
- manipulate system settings such as GPS tracking;
- modify the phone’s system files.
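Because the article stresses that some of the requested permissions look plausible for a streaming app while others do not, a defender triaging a suspicious APK can compare the permissions declared in its manifest against the capability list above. The script below is an added example written for this page, not code from the article or from SentinelLabs: it parses a constructed `AndroidManifest.xml` fragment, maps the declared permissions to the CapraRAT capabilities described above, and marks which findings have a plausible cover for a media app. The capability-to-permission mapping and the set of permissions considered plausible for a streaming client are the editor's assumptions; the permission names themselves are real Android constants.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Android manifest attributes such as android:name live in this namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Capabilities the article attributes to CapraRAT, mapped to the Android
# permissions that enable them. Assumption: this mapping is the editor's,
# not taken from the article or from any published analysis.
SPYWARE_CAPABILITIES: Dict[str, List[str]] = {
    "record audio/video": [
        "android.permission.RECORD_AUDIO",
        "android.permission.CAMERA",
    ],
    "read SMS and call logs": [
        "android.permission.READ_SMS",
        "android.permission.READ_CALL_LOG",
    ],
    "send/intercept SMS": [
        "android.permission.SEND_SMS",
        "android.permission.RECEIVE_SMS",
    ],
    "initiate phone calls": ["android.permission.CALL_PHONE"],
    "GPS tracking": [
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_BACKGROUND_LOCATION",
    ],
    "modify system settings": ["android.permission.WRITE_SETTINGS"],
}

# Sensitive permissions a genuine video-sharing client could plausibly
# declare (uploading recorded clips), so a victim may grant them without
# suspicion. Assumption by the editor.
PLAUSIBLE_FOR_MEDIA_APP = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
}

# Constructed manifest fragment for illustration only; not a real sample.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.youtube">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> List[str]:
    """Return every android:name value from <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return [
        el.attrib[NAME_ATTR]
        for el in root.iter("uses-permission")
        if NAME_ATTR in el.attrib
    ]


def triage(permissions: List[str]) -> List[Dict]:
    """Map declared permissions to spyware capabilities.

    Each finding records the capability, the matching permissions, and
    whether every matching permission has a plausible cover for a media
    streaming app (True means the request alone would not look suspicious).
    """
    declared = set(permissions)
    findings = []
    for capability, needed in SPYWARE_CAPABILITIES.items():
        hits = sorted(declared & set(needed))
        if hits:
            findings.append({
                "capability": capability,
                "permissions": hits,
                "plausible_for_media_app": all(
                    p in PLAUSIBLE_FOR_MEDIA_APP for p in hits
                ),
            })
    return findings


def unexplained_capabilities(findings: List[Dict]) -> List[str]:
    """Capabilities with no plausible streaming-app justification."""
    return [f["capability"] for f in findings if not f["plausible_for_media_app"]]


if __name__ == "__main__":
    results = triage(declared_permissions(SAMPLE_MANIFEST))
    for finding in results:
        flag = "cover" if finding["plausible_for_media_app"] else "SUSPICIOUS"
        print(f"[{flag}] {finding['capability']}: {', '.join(finding['permissions'])}")
```

On the constructed manifest, only the camera/microphone request is marked as having a plausible cover; the SMS, call-log, calling, location and settings permissions have no reason to appear in a video client and are the ones a reviewer should treat as the signal.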
Although this threat is, at least for now, limited to a part of the Asian continent, it shows how dangerous sideloaded APK files can be.
For this reason, despite Google’s recent precautions, it remains good practice to rely only on Google Play, avoiding third-party stores or, worse still, sites that offer direct downloads of APKs.