CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

July 1, 2024 at 09:06AM

Transparent Tribe, a threat actor, has been targeting individuals with malware-laced Android apps as part of a social engineering campaign. Their latest campaign, dubbed CapraTube, expanded to target mobile gamers, weapons enthusiasts, and TikTok fans. The group has a history of targeting the Indian government and military, using spear-phishing and watering hole attacks to deliver spyware. The disclosure comes as Promon revealed a new Android banking malware called Snowblind.

The threat actor known as Transparent Tribe has been distributing malware-laced Android apps through a social engineering campaign. The campaign, dubbed CapraTube, uses weaponized Android apps that impersonate legitimate apps such as YouTube to deliver a spyware called CapraRAT, and its latest iteration targets mobile gamers, weapons enthusiasts, and TikTok fans.

The malware, CapraRAT, has been used by Transparent Tribe for over two years in attacks targeting the Indian government and military personnel, and the group has a history of utilizing spear-phishing and watering hole attacks to deliver a variety of Windows and Android spyware.

A notable change in the newer builds is that the malware no longer requests permissions such as READ_INSTALL_SESSIONS, GET_ACCOUNTS, AUTHENTICATE_ACCOUNTS, and REQUEST_INSTALL_PACKAGES. Those permissions are what an app needs to install further packages and read account data, so their removal indicates the spyware is now being used as a surveillance tool rather than as a backdoor. Since permissions are declared in the APK manifest, this shift is visible by diffing the manifests of older and newer samples without running them.

Separately, Promon disclosed another Android banking malware called Snowblind, which attempts to evade detection and surreptitiously abuses the operating system's accessibility services API. In that respect it resembles FjordPhantom; both target apps from Southeast Asia and indicate a high level of sophistication among malware authors in that region.
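The two observations above, the dropped backdoor permissions in CapraRAT and the accessibility-service abuse in Snowblind, are both visible in an APK's AndroidManifest.xml, so a static triage check covers both. The following Python script is an added example written for this summary; it is not code from the article, from SentinelOne, or from Promon. It diffs the uses-permission declarations of two builds, flags the four backdoor-grade permissions named in the text, and lists any service bound with BIND_ACCESSIBILITY_SERVICE. The manifest snippets are constructed to mirror the permissions named above and are not recovered from real samples; the surveillance permission list, package names and service names are assumptions.

```python
"""Triage helper: diff the permissions two Android manifests declare and
flag backdoor-grade and accessibility-service capabilities.

Added example for this summary; it is not code from the article, from
SentinelOne, or from Promon. The manifest snippets below are constructed
to mirror the permissions named in the text, not recovered from real
CapraRAT or Snowblind samples."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ANDROID_NAME = f"{{{ANDROID_NS}}}name"              # android:name
ANDROID_PERMISSION = f"{{{ANDROID_NS}}}permission"  # android:permission

# The four permissions the text says newer CapraRAT builds stopped requesting.
# They let an app install packages and read account data: backdoor, not spying.
BACKDOOR_PERMISSIONS = {
    "android.permission.READ_INSTALL_SESSIONS",
    "android.permission.GET_ACCOUNTS",
    "android.permission.AUTHENTICATE_ACCOUNTS",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}

# Surveillance-grade permissions (assumed list for illustration, not from the text).
SURVEILLANCE_PERMISSIONS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Every accessibility service must be bound with this permission; bankers such
# as Snowblind abuse that API to read and drive other apps' UI.
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def declared_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NAME) for el in root.iter("uses-permission") if el.get(ANDROID_NAME)}


def accessibility_services(manifest_xml):
    """Return names of <service> elements protected by BIND_ACCESSIBILITY_SERVICE."""
    root = ET.fromstring(manifest_xml)
    return {
        svc.get(ANDROID_NAME)
        for svc in root.iter("service")
        if svc.get(ANDROID_PERMISSION) == BIND_ACCESSIBILITY
    }


def permission_drift(old_xml, new_xml):
    """Compare two builds of the same family and classify what the new one can do."""
    old, new = declared_permissions(old_xml), declared_permissions(new_xml)
    return {
        "dropped": sorted(old - new),
        "added": sorted(new - old),
        "backdoor_capable": bool(new & BACKDOOR_PERMISSIONS),
        "surveillance": sorted(new & SURVEILLANCE_PERMISSIONS),
        "accessibility_services": sorted(accessibility_services(new_xml)),
    }


def _manifest(package, permissions, services=""):
    """Build a minimal manifest string (constructed test data, not a real sample)."""
    uses = "\n".join(f'    <uses-permission android:name="{p}"/>' for p in permissions)
    return (
        f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">\n'
        f"{uses}\n    <application>{services}</application>\n</manifest>"
    )


# Constructed: an older CapraRAT-style build still carrying the backdoor permissions...
OLD_MANIFEST = _manifest("com.example.capratube", [
    "android.permission.INTERNET", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_INSTALL_SESSIONS", "android.permission.GET_ACCOUNTS",
    "android.permission.AUTHENTICATE_ACCOUNTS", "android.permission.REQUEST_INSTALL_PACKAGES",
])
# ...and a newer build that dropped them and kept only the spying ones.
NEW_MANIFEST = _manifest("com.example.capratube", [
    "android.permission.INTERNET", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
])
# Constructed: a Snowblind-style banker that registers an accessibility service.
BANKER_MANIFEST = _manifest("com.example.banker", ["android.permission.INTERNET"],
    '<service android:name="com.example.banker.UiSpyService" '
    f'android:permission="{BIND_ACCESSIBILITY}"/>')

if __name__ == "__main__":
    for key, value in permission_drift(OLD_MANIFEST, NEW_MANIFEST).items():
        print(f"{key}: {value}")
    print("banker accessibility services:", accessibility_services(BANKER_MANIFEST))
```

In practice the manifest strings come from `aapt dump xmltree` or apktool output on the two APKs rather than from constructed data. The check is deliberately static: it reports what a sample can ask for, not what it does at runtime, so a build that drops REQUEST_INSTALL_PACKAGES but keeps RECORD_AUDIO and CAMERA is classified exactly as the text describes, a surveillance tool rather than a backdoor.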

Overall, the report highlights the evolving tactics and focus of Transparent Tribe's social engineering campaign and the emergence of new, sophisticated Android malware aimed at specific geographic regions.

This information underscores the importance of staying abreast of the evolving threat landscape and emphasizes the need for robust security measures to mitigate the risks posed by such advanced and targeted attacks.