CapraRAT Android Spyware Campaign Targets Gamers, TikTokers
Researchers have discovered a new malware campaign in which the well-known CapraRAT Android spyware impersonates legitimate apps. This time, the spyware is targeting TikTok users, gamers, and other specific user groups.
CapraRAT Spyware Impersonates Android Apps to Deceive Users
A recent report from SentinelLabs has revealed a new CapraRAT Android spyware campaign that is targeting specific user groups such as TikTokers and gamers.
The researchers identified four new APKs posing as various apps, some of which are disguised as legitimate applications. To help users identify these malicious apps on their devices, below are the application and package names to watch out for:
- Crazy Game (com.maeps.crygms.tktols): An app pretending to be the legitimate gaming platform “Crazygames.com” to deceive gamers.
- Sexy Videos (com.nobra.crygms.tktols): An app that redirects to YouTube videos.
- TikToks (com.maeps.vdosa.tktols): An app imitating the TikTok video platform, targeting TikTok users.
- Weapons (com.maeps.vdosa.tktols): This app, with the logo “Forgotten Weapons” (mimicking a YouTube channel of the same name), aims at weapon enthusiasts.
Although these apps appear to cater to different user groups, they all operate in a similar manner, indicating the wide reach of this CapraRAT campaign.
The Latest Campaign Demonstrates Deceptive Behavior
The attack begins once a user downloads any of these apps. During installation, the app requests intrusive permissions from users, including access to SMS, contacts, GPS location, storage read/write access, camera, audio recording, screen recording, call history, call-making permission, and network state management.
Many of these permissions are unnecessary for a gaming or video app, which should raise red flags for users. However, most users do not pay attention to individual app permissions, making them vulnerable to such threats.
In addition to these permissions, the new malware variant uses a WebView feature to open links to legitimate sites in order to deceive users. Furthermore, the malware now functions more as spyware than as a backdoor (unlike in previous campaigns), as it omits permissions for installing packages or authenticating accounts. This behavior has the potential to mislead even the most cautious users and lets the malware remain undetected for extended periods.
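The package list and the permission set described above can be turned into a simple triage check over a decoded AndroidManifest.xml. The following is an added example, not code from the SentinelLabs report or from this article; the mapping from the article's access categories to Android permission constants, the `threshold` cut-off, and the `com.example.*` sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Package names exactly as listed in the article above.
REPORTED_PACKAGES = {"com.maeps.crygms.tktols", "com.nobra.crygms.tktols",
                     "com.maeps.vdosa.tktols"}

# Assumption: these Android permission constants correspond to the access
# categories the article lists; the article does not name the constants.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.READ_EXTERNAL_STORAGE": "storage read",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage write",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.CALL_PHONE": "call-making",
    "android.permission.CHANGE_NETWORK_STATE": "network state management",
}

def audit_manifest(manifest_xml, threshold=5):
    """Flag a decoded AndroidManifest.xml by package name or permission breadth."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    categories = sorted(SENSITIVE[p] for p in requested if p in SENSITIVE)
    reported = package in REPORTED_PACKAGES
    # threshold is a hypothetical triage cut-off, not a value from the report
    return {"package": package, "reported": reported, "categories": categories,
            "flag": reported or len(categories) >= threshold}

def make_manifest(package, permissions):
    """Build a minimal constructed manifest for demonstration."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples: a hypothetical over-privileged "video" app and a benign one.
GREEDY = make_manifest("com.example.videos", list(SENSITIVE)[:6])
BENIGN = make_manifest("com.example.notes", ["android.permission.INTERNET"])

if __name__ == "__main__":
    for sample in (GREEDY, BENIGN):
        print(audit_manifest(sample))
```

A match on package name is a direct indicator from the article; the permission-breadth flag is only a prompt for manual review, since legitimate apps can also request several of these permissions.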
CapraRAT is a well-known Android spyware linked to a suspected Pakistani state-actor group, Transparent Tribe (also known as APT 36, Operation C-Major). This group, active since 2016, has conducted numerous malicious campaigns targeting users, particularly in India.