Short News:-
One of the APT groups has added a new remote access trojan (RAT) to its malware arsenal. Trend Micro has identified an Android-based RAT known as CapraRAT that exhibits a high degree of "crossover" with a Windows malware known as CrimsonRAT. Both are associated with Earth Karkaddan, a threat actor also known by the names APT36 and PROJECTM.
CapraRAT is said to be a modified version of an open-source RAT known as AndroRAT, according to the developers. Delivered through phishing links, CapraRAT's most significant data exfiltration capabilities include harvesting victims' locations, phone logs, and contact information. Android spyware called StealthAgent was used to spy on Pakistani human rights defenders as recently as May 2018.
Detailed News:-
One of the APT groups has added a new remote access trojan (RAT) to its malware arsenal in an effort to eavesdrop on Indian military and diplomatic organizations.
Trend Micro has identified an Android-based remote access tool (RAT) known as CapraRAT that exhibits a high degree of "crossover" with a Windows malware known as CrimsonRAT, which is associated with Earth Karkaddan, a threat actor also known by the names APT36 and PROJECTM.
When APT36 was first discovered, the concrete evidence of its existence took the form of phishing emails with malicious PDF attachments sent to Indian military and government officials. Initially thought to be of Pakistani origin, the group has been active since at least the year of that discovery.
This threat actor is also known to follow a well-defined attack strategy that relies heavily on social engineering, together with a USB-based worm, to carry out its attacks. CrimsonRAT, a Windows backdoor the group frequently employs, grants the attackers extensive access to compromised systems. In more recent campaigns, ObliqueRAT has been used in its place.
When executed, CrimsonRAT captures screenshots, keystrokes, and files from removable drives, and uploads them to the attacker's command-and-control server. CrimsonRAT is a .NET binary built specifically for this purpose.
The group has now added yet another custom Android RAT to its arsenal, this one delivered through phishing links. Among its most significant data exfiltration capabilities is the ability to harvest victims' locations, phone logs, and contact information while masquerading as a YouTube app. CapraRAT is said to be a modified version of an open-source RAT known as AndroRAT, according to the developers.
Android remote administration tools (RATs) are not a new weapon in the hacking group's arsenal. Android spyware called StealthAgent was used to spy on Pakistani human rights defenders as recently as May 2018, intercepting their phone calls and messages, stealing their photos, and tracking their location.
In 2020, Transparent Tribe used military-themed lures to drop a modified version of the AhMyth Android RAT disguised as a porn app, as well as a fake version of the Aarogya Setu COVID-19 tracking application.
To avoid such attacks, do not click on links or download attachments from unknown senders, install apps only from trusted sources, and be cautious about the permissions you grant to apps that request them.