CapraTube Remix | Android Spyware Targeting Gamers, Weapons Enthusiasts

July 1, 2024, 4:18 p.m.

Description

SentinelLabs has uncovered a new campaign of Android spyware apps associated with the suspected Pakistan state-aligned Transparent Tribe threat group. The malicious apps, disguised as video browsers, gaming sites, and TikTok content, target mobile gamers, weapons enthusiasts, and individuals interested in TikTok videos. While the core spyware functionality remains consistent, the code has been updated to enhance compatibility with modern Android devices, expanding the potential attack surface. The APKs continue the group's trend of social engineering tactics, leveraging enticing themes to lure victims into granting excessive permissions.

External References

https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
https://otx.alienvault.com/pulse/6682d03f91fb1cfb2080c1b1
Tags
social engineering
android
pakistan
spyware
2024-07-01
caprarat

Date

  • Created: July 1, 2024, 3:50 p.m.
  • Published: July 1, 2024, 3:50 p.m.
  • Modified: July 1, 2024, 4:18 p.m.

Indicators

  • a1836f86daa774e0c9718343dbc2466c4851b86631dfd199e39a656404c237ac
  • 7f981fc12dcb4621ac2a8c4f3882d24f113ac98fe4fb24207743ae24be762978
  • 173.249.50.243
  • 173.212.206.227
  • www.youuutube.com
  • http://www.youUUtube.com/resulUUts?seUUarch_quUUery=TiUUk+ToUUks
Download all indicators here!

Attack Patterns

  • CapraRAT
  • Transparent Tribe