Security News > 2022 > February > New CapraRAT Android Malware Targets Indian Government and Military Personnel
A politically motivated advanced persistent threat group has expanded its malware arsenal to include a new remote access trojan in its espionage attacks aimed at Indian military and diplomatic entities.
Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high "Degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth Karkaddan, a threat actor that's also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe.
The first concrete signs of APT36's existence appeared in 2016 as the group began distributing information-stealing malware through phishing emails with malicious PDF attachments targeting Indian military and government personnel.
The new addition to its toolset is yet another custom Android RAT that's deployed by means of phishing links.
In May 2018, human rights defenders in Pakistan were targeted by Android spyware named StealthAgent to intercept phone calls and messages, siphon photos, and track their whereabouts.
Attack campaigns mounted by Transparent Tribe involved leveraging military-themed lures to drop a modified version of the AhMyth Android RAT that masqueraded as a porn-related app and a fake version of the Aarogya Setu COVID-19 tracking app.
News URL
https://thehackernews.com/2022/02/new-caprarat-android-malware-targets.html
Related news
- PixPirate Android malware uses new tactic to hide on phones (source)
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- SoumniBot malware exploits Android bugs to evade detection (source)
- New Brokewell malware takes over Android devices, steals data (source)
- New 'Brokewell' Android Malware Spread Through Fake Browser Updates (source)
- New Wpeeper Android malware hides behind hacked WordPress sites (source)
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (source)
- Finland warns of Android malware attacks breaching bank accounts (source)