
Trojanized apps used for CapraRAT spyware delivery


Malicious Android apps have been leveraged by Pakistan-linked hacking operation Transparent Tribe to facilitate the deployment of the CapraRAT spyware as part of a new surveillance campaign against gamers and weapons enthusiasts, reports The Hacker News.

Attacks involved the concealment of CapraRAT within the "Crazy Game," "Sexy Videos," "Weapons," and "TikToks" APKs, which, when executed, redirect to YouTube or the crazygames[.]com website while exploiting several permissions for location, SMS, and call log access, as well as phone calls, audio and video recording, and screenshot capturing, a report from SentinelOne showed.

Unlike the previous CapraRAT campaign, the new intrusions no longer entailed requests for account authentication and package installations, among others, indicating Transparent Tribe's move toward surveillance, according to SentinelOne researcher Alex Delamotte.

"The decision to move to newer versions of the Android OS is logical, and likely aligns with the group's sustained targeting of individuals in the Indian government or military space, who are unlikely to use devices running older versions of Android, such as Lollipop, which was released 8 years ago," said Delamotte.
