Officials Targeted with Romance Scams and Android Trojan
Security researchers have uncovered a cyber-espionage campaign targeting mainly Indian and Pakistani victims with Android messaging apps containing backdoor malware.
ESET said weak OpSec allowed it to locate over 150 victims, some of whom also resided in Russia, Oman and Egypt.
It attributed the campaign to the Pakistan state-linked actor Transparent Tribe (APT36) due to the use of the CapraRAT backdoor and IP addresses spotted in previous campaigns from the group.
“The backdoor is capable of taking screenshots and photos, recording phone calls and surrounding audio, and exfiltrating any other sensitive information,” ESET said.
“The backdoor can also receive commands to download files, make calls and send SMS messages. The campaign is narrowly targeted, and nothing suggests these apps were ever available on Google Play.”
CapraRAT was disguised as two legitimate-looking applications: so-called secure Android chat apps ‘MeetsApp’ and ‘MeetUp,’ which were distributed via malicious websites hosted by APT36.
“Considering that only a handful of individuals were compromised, we believe that potential victims were highly targeted and lured using romance schemes, with Transparent Tribe operators most likely establishing first contact via another messaging platform,” ESET explained.
“After gaining the victims’ trust, they suggested moving to another – allegedly more secure – chat app that was available on one of the malicious distribution websites.”
The security vendor’s judgement is based on the fact that APT36 has previously used honey-trap romance scams to lure its victims. It added that victims are likely to be military or political officials.
The campaign was still live at the time of writing.