An ongoing cyber espionage campaign has begun targeting the Android devices of Indian and Pakistani nationals with a backdoor called “CapraRAT”. The campaign has been linked to the APT group Transparent Tribe, and the current theory is that the attackers use romance scams to lure victims into downloading a malware-laced messenger app from a third-party website. The malware is a modified version of AndroRAT that runs alongside the messenger app and lets attackers record phone calls, make calls, send SMS messages, and download additional files without the victim's knowledge. The campaign has infected as many as 150 victims, who likely have an association with military or political groups. The attack uses a malicious APK file that does not seem to have been uploaded to the Google Play Store.