APT36 state hackers infect Android devices using YouTube app clones (Security News, September 2023)
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with its signature remote access trojan, 'CapraRAT.'
APT36 is a Pakistan-aligned threat actor known for using malicious or laced Android apps to attack Indian defense and government entities, those dealing with Kashmir region affairs, and human rights activists in Pakistan.
This latest campaign was spotted by SentinelLabs, which warns people and organizations linked to military or diplomacy in India and Pakistan to be very wary of YouTube Android apps hosted on third-party sites.
During installation, the malicious apps request numerous risky permissions, some of which a victim might grant without suspicion because they seem plausible for a media streaming app like YouTube.
The interface of the malicious apps attempts to imitate Google's real YouTube app, but it resembles a web browser rather than the native app because the trojanized app loads the service inside a WebView.
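The two behaviours above, an app that calls itself YouTube but asks for permissions a video player has no use for, are exactly what a defender can screen for before sideloading. The following Python script is an added example written for this article, not code from SentinelLabs or from the CapraRAT analysis: it triages a decoded AndroidManifest.xml (the binary manifest inside an APK first has to be decoded with a tool such as apktool), flags sensitive permissions that fall outside an assumed baseline for a streaming client, and notes when the app label claims to be YouTube while the package name is not Google's official `com.google.android.youtube`. The permission baseline, the sensitive-permission watch-list and both sample manifests are assumptions and constructed input, not values taken from the campaign.

```python
"""Triage a decoded AndroidManifest.xml for an app that presents itself as a
video-streaming client: flag permissions that are out of place for such an
app and an app label that impersonates YouTube under a foreign package name.
Constructed example for illustration; not the article's or SentinelLabs' code."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed baseline: permissions a WebView-based video player plausibly needs.
EXPECTED_FOR_STREAMING = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.WAKE_LOCK",
}

# Assumed watch-list: permissions that expose microphone, camera, messages,
# contacts, location, call logs, storage, overlays or package installation.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.SYSTEM_ALERT_WINDOW": "screen overlay",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install packages",
}

# Google's official YouTube package name; anything else labelled "YouTube" is suspect.
OFFICIAL_YOUTUBE_PACKAGE = "com.google.android.youtube"


def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def triage_manifest(manifest_xml: str) -> dict:
    """Return a triage summary for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package") or ""
    app = root.find("application")
    label = _attr(app, "label") if app is not None else None

    perms = sorted(
        _attr(p, "name") for p in root.findall("uses-permission") if _attr(p, "name")
    )
    sensitive = {p: SENSITIVE[p] for p in perms if p in SENSITIVE}
    unexpected = [p for p in perms if p not in EXPECTED_FOR_STREAMING]
    impersonation = bool(label) and "youtube" in label.lower() and package != OFFICIAL_YOUTUBE_PACKAGE

    verdict = "suspicious" if (impersonation or sensitive) else "no findings"
    return {
        "package": package,
        "label": label,
        "permissions": perms,
        "unexpected": unexpected,
        "sensitive": sensitive,
        "impersonation": impersonation,
        "verdict": verdict,
    }


# Constructed sample: a "YouTube" lookalike under a non-Google package that
# asks for microphone, SMS and location access.
SAMPLE_LOOKALIKE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.yt.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="YouTube"/>
</manifest>"""

# Constructed sample: a plain streaming client that stays inside the baseline.
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.videoplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application android:label="Video Player"/>
</manifest>"""


if __name__ == "__main__":
    for name, xml in (("lookalike", SAMPLE_LOOKALIKE), ("benign", SAMPLE_BENIGN)):
        result = triage_manifest(xml)
        print(f"[{name}] {result['package']} label={result['label']!r} -> {result['verdict']}")
        for perm, reason in result["sensitive"].items():
            print(f"    sensitive: {perm} ({reason})")
        if result["impersonation"]:
            print("    label claims YouTube but package is not the official one")
```

The permission check is deliberately a mismatch test rather than a fixed blocklist: what matters is not that a permission is dangerous in the abstract but that a video player has no reason to hold it. Run the same comparison with a baseline tailored to whatever app category the sideloaded package claims to belong to.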