Hackers Using Fake YouTube Apps To Infect Android Devices

The APT36 hacking group, also known as ‘Transparent Tribe,’ has been discovered using malicious Android apps that imitate YouTube to infect their targets’ devices with the mobile remote access trojan (RAT) called ‘CapraRAT’.

For those unaware, APT36 (or Transparent Tribe) is a suspected Pakistan-linked hacking group primarily known for using malicious Android apps to attack Indian defense and government agencies, organizations involved with the Kashmir region, as well as human rights activists working on matters related to Pakistan.

SentinelLabs, a cybersecurity company, was able to identify three Android application packages (APK) linked to Transparent Tribe’s CapraRAT, which mimicked the appearance of YouTube.

“CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects,” SentinelLabs security researcher Alex Delamotte wrote in an analysis on Monday.

According to the researchers, the malicious APKs are not distributed through Android’s ...