Pakistan Hackers Use CapraRAT Framework Apps to Target Android Users in India: Cyber Security Report

According to a report from cyber security firm SentinelOne, CapraRAT is used specifically for surveillance. Transparent Tribe used a remote access trojan called CapraRAT to target Android users, embedding it in three apps that are made to look like YouTube. CapraRAT is a highly invasive tool that gives attackers remote access to infected Android devices and so lets them compromise the data on those devices.
The hacking group has been in the news several times before for targeting military and diplomatic personnel in both India and Pakistan.
CapraRAT is basically an Android framework that hides RAT features within another app. This means that these dangerous apps will not be found on the Google Play Store.
The report further says that Transparent Tribe hackers spread these Android apps through their websites and use social engineering techniques to trick users into installing them. These are fake APK files, which users mistakenly install believing they are the original apps.
The most recent batch of Android package files identified by SentinelOne is YouTube-themed: the apps pretend to be YouTube apps. The package names of three of these apps are “com.Base.media.service”, “com.moves.media.tubes” and “com.videos.watchs.share”.
Hackers use these tricks to gain access to an Android device. According to the report, they can access the device’s microphone and front and rear cameras, capture SMS and MMS content, access call logs, capture the screen, and access GPS and network systems. The malware can also perform tasks such as overriding settings and modifying files on the phone’s file system.
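A device can be checked for the three package names listed above, and for video-themed apps that did not come from the Play Store. The sketch below is an added example, not code from SentinelOne or the report; it assumes input in the `package:<name>  installer=<name>` form printed by `adb shell pm list packages -i`, and the `triage` function, the keyword heuristic and the sample data are constructed for illustration.

```python
import re

# Package names reported on this page for the YouTube-themed CapraRAT apps,
# lower-cased so the comparison below is case-insensitive.
CAPRARAT_PACKAGES = {
    "com.base.media.service",
    "com.moves.media.tubes",
    "com.videos.watchs.share",
}
PLAY_STORE = "com.android.vending"
LINE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<inst>\S+))?\s*$")
# Assumption: a loose keyword heuristic for video-app lookalikes, not from the report.
LOOKALIKE = re.compile(r"tube|video", re.IGNORECASE)

def triage(pm_output):
    """Return (package, installer, verdict) tuples for entries worth a look.

    verdict is "match" for a package name listed on this page, or "review"
    for a video-themed package that was not installed by the Play Store.
    """
    findings = []
    for raw in pm_output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        pkg, inst = m.group("pkg"), m.group("inst") or "null"
        if pkg.lower() in CAPRARAT_PACKAGES:
            findings.append((pkg, inst, "match"))
        elif inst != PLAY_STORE and LOOKALIKE.search(pkg):
            findings.append((pkg, inst, "review"))
    return findings

# Constructed sample output, not captured from a real device.
SAMPLE = """\
package:com.google.android.youtube  installer=com.android.vending
package:com.Base.media.service  installer=null
package:com.example.videoplayer  installer=com.android.vending
package:org.example.tubeviewer  installer=com.android.packageinstaller
package:com.android.settings  installer=null
"""

if __name__ == "__main__":
    for pkg, inst, verdict in triage(SAMPLE):
        print(f"{verdict:6} {pkg} (installer={inst})")
```

A "review" verdict only means the app was sideloaded and has a video-style name; it still needs manual inspection before being treated as malicious.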