This group of hackers is known for targeting military and diplomatic personnel of both India and Pakistan. “CapraRAT is a highly aggressive tool that gives attackers control over large amounts of data on infected Android devices,” said security researcher Alex Delamotte, The Times of India reported. CapraRAT is an Android framework that hides RAT features inside another application. That means these dangerous apps are not present in Google Play Store.
According to the report, “Transparent Tribe” hackers spread these Android apps outside the Google Play Store. They lure users to install these fake applications through self-run websites, social engineering techniques. That means these Android package files are duplicate versions of popular apps. The latest Android package (APK) files discovered by Sentinel One are designed to mimic YouTube. One of them reaches the YouTube channel belonging to “Piya Sharma”.
These applications are named Namakavastham. However, it is said that romance-based tactics are being used to target users and lure them into installing it.
If you look at how these apps monitor the activities of Android users, they record through the microphone along with the front and rear cameras. Contents of SMS, multimedia messages and call records are also collected. It offers many tricks including sending SMS, blocking incoming calls, initiating phone calls, screen capture, hijacking system settings like GPS and network and modifying files in the phone’s filesystem.
So, be as careful as possible. Don’t click on suspicious links, don’t fall prey to lures. The more careful you are, the better.