A suspected hacker, known as the Transparent Tribe, has made headlines several times in the past for targeting military and diplomatic personnel in Asian countries.
The hacker is in the headlines again, as a fake YouTube app is being used to spread the mobile Remote Access Trojan (RAT) CapraRAT on Indian Android phones.
According to a report by cybersecurity firm SentinelOne, the CapraRAT toolset has been used to monitor spear-phishing.
CapraRAT is an Android framework that hides RAT functions in another application.
“CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects,” security researcher Alex Delamotte said.
The hacker most recently targeted the Indian education sector.
According to the report, Transparent Tribe distributes Android apps outside of the Google Play Store, using self-operated websites and social engineering to trick users into installing a weaponized application.
Earlier this year, the group distributed CapraRAT Android apps disguised as a dating service that conducted spyware activities.
The report also found that one of the recently discovered APKs made contact with Piya Sharma’s YouTube account, which has a number of brief videos of a woman in various settings.
That APK also used the person’s name and likeness, and the hacker “continues to use romance-based social engineering techniques to convince targets to install the applications, and that Piya Sharma is a related persona,” according to the report.
According to the report, the apps ask for intrusive permissions during installation that give the malware access to features like recording with the microphone and the front and rear cameras, collecting SMS and multimedia message contents and call logs, sending SMS messages, blocking incoming SMS, initiating phone calls, and more.