A "safe" analogue of WhatsApp was used by cybercriminals to inject a multi-functional Android backdoor.
The Pakistani hacker group known as the Transparent Tribe has allegedly been linked to an ongoing cyber-espionage campaign targeting Indian and Pakistani Android users through a backdoor called CapraRAT.
"Transparent Tribe distributed the CapraRAT Android backdoor through trojanized MeetsApp and MeetUp branded messaging apps," ESET said in a report today.
According to preliminary estimates, about 150 people became victims. Malicious software could be downloaded from fake phishing websites, and the application itself, in its interface and name, is definitely a kind of parody of WhatsApp from Meta*.
The targets are suspected to be lured through a romantic trap scam in which the attacker reaches out to victims through another platform and convinces them to install malware apps under the guise of "secure" messaging and calls.
However, the apps, in addition to the promised features, come with an implanted CapraRAT, a modified open source version of AndroRAT that was first documented by Trend Micro in February 2022.
The backdoor is equipped with an extensive set of features that allow you to take screenshots and photos, record phone calls and ambient sound, and extract other sensitive information. It can also make calls, send SMS messages, and receive commands to download files.
However, users also need to create an account by linking their phone numbers and completing the SMS verification step in order to access the app's features.
ESET said the malware campaign was narrowly targeted and found no evidence that the apps were available on the Google Play Store.
Transparent Tribe, also known as APT36, Operation C-Major and Mythic Leopard, has recently been linked to a number of other attacks targeting Indian government organizations using malicious versions of a two-factor authentication solution called Kavach.