CapraRAT Android Spyware Campaign Targets Gamers, TikTokers
Researchers have discovered a new malware campaign in which the well-known CapraRAT Android spyware impersonates legitimate apps. This time, the spyware is targeting TikTok users, gamers, and other specific user groups.
CapraRAT Spyware Impersonates Android Apps to Deceive Users
A recent report from SentinelLabs has revealed a new CapraRAT Android spyware campaign that is targeting specific user groups such as TikTokers and gamers.
The researchers identified four new APKs posing as various apps, some of which are disguised as legitimate applications. To help users identify these malicious apps on their devices, below are the application and package names to watch out for:
- Crazy Game (com.maeps.crygms.tktols): An app pretending to be the legitimate gaming platform “Crazygames.com” to deceive gamers.
- Sexy Videos (com.nobra.crygms.tktols): An app that redirects to YouTube videos.
- TikToks (com.maeps.vdosa.tktols): An app imitating the TikTok video platform, targeting TikTok users.
- Weapons (com.maeps.vdosa.tktols): This app, with the logo “Forgotten Weapons” (mimicking a YouTube channel of the same name), aims at weapon enthusiasts.
Although these apps appear to cater to different user groups, they all operate in a similar manner, indicating the wide reach of this CapraRAT campaign.
The Latest Campaign Demonstrates Deceptive Behavior
Upon downloading any of these apps, the attack commences. During installation, the app requests intrusive permissions from users, including access to SMS, contacts, GPS location, storage read/write access, camera, audio recording, screen recording, call history, call-making permission, and network state management.
Many of these permissions are unnecessary for a gaming or video app, which should raise red flags for users. However, most users do not pay attention to individual app permissions, making them vulnerable to such threats.
In addition to these permissions, the new malware variant uses a WebView feature to open links to legitimate sites in order to deceive users. Furthermore, unlike in previous campaigns, the malware now functions more as spyware than as a backdoor, as it omits permissions for installing packages or authenticating accounts. This behavior can mislead even the most cautious users and allows the malware to remain undetected for extended periods.
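The package names and permission list above can be turned into a simple triage check for a decoded (text) AndroidManifest.xml. This is an added example, not code from the SentinelLabs report; the mapping from the article's wording to Android permission names, the threshold of five, and the `com.example.*` sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Package names listed in the article above.
REPORTED_PACKAGES = {"com.maeps.crygms.tktols", "com.nobra.crygms.tktols",
                     "com.maeps.vdosa.tktols"}
# Assumed mapping of the article's permission list to manifest permission names.
# Screen recording has no manifest permission of its own, so it is not covered.
SURVEILLANCE_PERMS = {
    "READ_SMS": "SMS",
    "READ_CONTACTS": "contacts",
    "ACCESS_FINE_LOCATION": "GPS location",
    "READ_EXTERNAL_STORAGE": "storage read",
    "WRITE_EXTERNAL_STORAGE": "storage write",
    "CAMERA": "camera",
    "RECORD_AUDIO": "audio recording",
    "READ_CALL_LOG": "call history",
    "CALL_PHONE": "call making",
}

def triage_manifest(manifest_xml, threshold=5):
    """Flag a manifest by reported package name or by permission overreach."""
    # Manifests from unknown APKs are untrusted input: refuse DTDs and entities.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD or entity declaration in manifest")
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    requested = {node.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
                 for node in root.iter("uses-permission")}
    hits = sorted(SURVEILLANCE_PERMS[p] for p in requested if p in SURVEILLANCE_PERMS)
    known = package in REPORTED_PACKAGES
    # threshold is an assumed cut-off: a game or video app rarely needs this many.
    return {"package": package, "known_package": known,
            "capabilities": hits, "flag": known or len(hits) >= threshold}

def sample_manifest(package, perms):
    """Build a constructed manifest for demonstration (not a real sample)."""
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

if __name__ == "__main__":
    plain = sample_manifest("com.example.videos", ["INTERNET", "ACCESS_NETWORK_STATE"])
    greedy = sample_manifest("com.example.clips", list(SURVEILLANCE_PERMS)[:6])
    for manifest in (plain, greedy):
        print(triage_manifest(manifest))
```

A permission count alone produces false positives for apps that legitimately need broad access, so a flag from this check is a prompt for manual review rather than a verdict.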
CapraRAT is a well-known Android spyware linked to a suspected Pakistani state-actor group, Transparent Tribe (also known as APT 36, Operation C-Major). This group, active since 2016, has conducted numerous malicious campaigns targeting users, particularly in India.