Pakistan-linked hacker targeting Android phones via fake YouTube apps, using channel name,,,

A suspected Pakistan-linked hacker who is known as 'Transparent Tribe' has made it to the news several times in the past for targeting military and diplomatic personnel in both India and Pakistan. The hacker is once again part of the news due the fake YouTube app that is being used to spread the CapraRAT mobile remote access trojan (RAT) on Indian Android phones. As per a report by cybersecurity company SentinelOne, the CapraRAT toolset has been used for surveillance against spear-phishing targets privy to affairs involving the disputed region of Kashmir, as well as human rights activists working on matters related to Pakistan.

CapraRAT is an Android framework that hides RAT features inside of another application. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," said security researcher Alex Delamotte. The hacker most recently targeted the Indian education sector.

According to the report, Transparent Tribe spreads Android apps outside of the Google Play Store, relying on self-run websites and social engineering to lure users to install a weaponised application.  Earlier this year, the group distributed CapraRAT Android apps disguised as a 'dating service' that conducted spyware activity.

Moreover, the report found that one of the newly identified APKs reached out to a YouTube channel belonging to Piya Sharma, which has several short clips of a woman in various locales. 

This APK also borrowed the individual’s name and likeness, suggesting that the hacker "continues to use romance-based social engineering techniques to convince targets to install the applications, and that Piya Sharma is a related persona".

Upon installation, the apps request intrusive permissions that allow the malware to harvest and exfiltrate sensitive information to a hacker-controlled server with notable features such as -- recording with the microphone, front & rear cameras, collecting SMS and multimedia message contents, call logs, sending SMS messages, blocking incoming SMS, initiating phone calls, and more, the report said.

"Transparent Tribe is a perennial actor with reliable habits. The relatively low operational security bar enables swift identification of their tools," Delamotte said.  "Individuals and organisations connected to diplomatic, military, or activist matters in the India and Pakistan regions should evaluate defence against this actor and threat," he added. (with inputs from IANS)