UPDATED 06:00 EST / JULY 01 2024

SECURITY

SentinelLabs uncovers new CapraRAT spyware targeting Android users

A new report released today by SentinelLabs, the research arm of listed cybersecurity company SentinelOne Inc., warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications.

CapraRAT is an Android remote-access trojan virus used by a Pakistan-linked threat actor called Transparent Tribe, also known as APT36, which first emerged around 2018. The malware has primarily been used for surveillance, targeting Indian government and military personnel and human rights activities.

CapraRAT was initially distributed via fake dating apps and social engineering tactics. Over time, the group expanded its approach to include YouTube-mimicking applications, leveraging these fake apps to perform extensive data harvesting and spyware activities on the infected devices.

Recently, SentinelLabs has identified four new CapraRAT Android Package Kits that are building on the attack group’s trend of continuing to embed spyware in video browsing applications. The four new CapraRAT Android Package Kits — Crazy Game, Sexy Videos, TikToks and Weapons (pictured) — embed spyware that targets mobile gamers, weapons enthusiasts and TikTok fans, aiming to collect sensitive data and monitor user activities.

The CapraRAT APKs work by embedding spyware within video browsing applications, using WebView to launch URLs that appear legitimate, such as YouTube or CrazyGames.com. The malicious apps request extensive permissions, including access to GPS location and contacts and the ability to record audio and video, enabling the spyware to collect and exfiltrate sensitive data from the victim’s device.

The SentinelLabs research notes that the APKs continue Transparent Tribe’s tactics of social engineering to deliver their spyware, making minor updates to enhance compatibility with newer Android versions and target a broader audience.

To avoid CapraRAT and other malicious downloads, users are advised to be cautious when downloading apps from unofficial sources and to scrutinize the permissions requested by any app. Making sure that apps are downloaded from trusted sources, such as the Google Play Store, can help mitigate the risk of installing such malicious software.

Images: SentinelLabs

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU