Today > 2 Critical | 3 High | 25 Medium vulnerabilities   -   You can now download lists of IOCs here!

CapraTube Remix | Android Spyware Targeting Gamers, Weapons Enthusiasts

July 1, 2024, 4:18 p.m.

Description

SentinelLabs has uncovered a new campaign of Android spyware apps associated with the suspected Pakistan state-aligned Transparent Tribe threat group. The malicious apps, disguised as video browsers, gaming sites, and TikTok content, target mobile gamers, weapons enthusiasts, and individuals interested in TikTok videos. While the core spyware functionality remains consistent, the code has been updated to enhance compatibility with modern Android devices, expanding the potential attack surface. The APKs continue the group's trend of social engineering tactics, leveraging enticing themes to lure victims into granting excessive permissions.

Date

Published: July 1, 2024, 3:50 p.m.

Created: July 1, 2024, 3:50 p.m.

Modified: July 1, 2024, 4:18 p.m.

Indicators

a1836f86daa774e0c9718343dbc2466c4851b86631dfd199e39a656404c237ac

7f981fc12dcb4621ac2a8c4f3882d24f113ac98fe4fb24207743ae24be762978

173.249.50.243

173.212.206.227

www.youuutube.com

http://www.youUUtube.com/resulUUts?seUUarch_quUUery=TiUUk+ToUUks

Attack Patterns

CapraRAT

Transparent Tribe

T1592.004

T1592.003

T1592.002

T1592