Security researchers have uncovered a cyber-espionage campaign targeting primarily Indian and Pakistani victims with Android messaging apps containing backdoor malware.
ESET said weak OpSec allowed it to find over 150 victims, a few of whom also resided in Russia, Oman and Egypt.
It attributed the campaign to the Pakistan state-linked actor Transparent Tribe (APT36) because of the use of the CapraRAT backdoor and IP addresses seen in earlier campaigns from the group.
“The backdoor is capable of taking screenshots and photos, recording phone calls and surrounding audio, and exfiltrating other sensitive information,” ESET said.
“The backdoor can also receive commands to download files, make calls and send SMS messages. The campaign is narrowly targeted, and nothing suggests these apps were ever available on Google Play.”
CapraRAT was disguised as two legitimate-looking applications: so-called secure Android chat apps ‘MeetsApp’ and ‘MeetUp,’ which were distributed via malicious websites hosted by APT36.
“Considering that only a handful of people were compromised, we believe that potential victims were highly targeted and lured using romance schemes, with Transparent Tribe operators most likely establishing first contact via another messaging platform,” ESET explained.
“After gaining the victims’ trust, they suggested moving to another – allegedly safer – chat app that was available on one of the malicious distribution websites.”
The security vendor’s judgement is based on the fact that APT36 has previously used honey-trap romance scams to lure its victims. It added that victims are likely to be military or political officials.
The campaign was still live at the time of writing.