Date: 2023-09-19

Transparent Tribe is a state-sponsored threat actor linked to Pakistan. SentinelOne observed the APT using a new version of the CapraRAT Android trojan, which distributes itself by masquerading as other well-known applications.

Transparent Tribe has used CapraRAT since 2018 to monitor the Kashmir region and human rights activists working on Pakistani issues. In early 2023, CapraRAT iterations mimicked a dating service app to convince intended targets to install the malicious application themselves. More recently, CapraRAT versions were disguised as YouTube in a similar strategy. The malware uses the YouTube icon and requests permissions similar to those of the legitimate application, such as microphone access. While it covertly logs communications, sends and blocks messages, takes screenshots, and modifies files, the RAT can launch a WebView object that loads YouTube to avoid user suspicion. SentinelOne added that the YouTube strategy is a small development in a long-term campaign confined to the India-Pakistan region.

