Trend Micro’s CapraRAT implant is an Android RAT with a high “degree of crossover” with another Windows malware known as CrimsonRAT, which is associated with Earth Karkaddan, a threat actor also known as APT36, Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe.

In its espionage attacks against Indian military and diplomatic entities, a politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT).

The first evidence of APT36’s existence appeared in 2016, when the group began distributing information-stealing malware through phishing emails with malicious PDF attachments aimed at Indian military and government personnel. The group is thought to be of Pakistani origin and has been active since at least 2013.

The threat actor is also known for being consistent in its techniques, with attacks primarily depend on social engineering and a USB-based worm as entry points. A Windows backdoor called CrimsonRAT, which allows the attackers extensive access to compromised systems, is a common element in the group’s arsenal, though recent campaigns have evolved to deliver ObliqueRAT.

This is far from the hacking group’s first use of Android RATs. Human rights defenders in Pakistan were targeted in May 2018 by Android spyware called StealthAgent , which intercepted phone calls and messages, syphoned photos, and tracked their whereabouts.

Then, in 2020, Transparent Tribe used military-themed lures to drop a modified version of the AhMyth Android RAT disguised as a porn-related app and a fake version of the Aarogya Setu COVID-19 tracking app.

Finally the researchers concluded that , “Users are advised to be wary of unsolicited emails, avoid clicking on links or downloading email attachments from unknown senders, install apps only from trusted sources, and exercise caution when granting permissions requested by the apps”.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1, Linkedin handle @linkedin

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s