Hacker group targeting Indian soldiers and government found using new Android trojan to hijack cameras and microphones

A group of hackers known for targeting Indian military personnel and officers has reportedly come up with a new malware program for targeting Android devices.

Named CapraRAT, the new remote access trojan (RAT) is able to steal data points like location information, phone number and call history, unique ID number and more.

It can even access the camera and microphone on an infected device to transmit information to the threat actors.

The new hacking tool was identified by cybersecurity company Trend Micro using data obtained from January 2020 to September 2021 by the Trend Micro Smart Protection Network (SPN).

In the report describing the threat, the company points out that CapraRAT was seen being used by APT36, a “politically motivated” advanced persistent threat (APT) group that also goes by the names Earth Karkaddan, Operation C-Major, PROJECTM, Leopard Legends, and the Nation.

The report states that CapraRAT is inspired by Crimson RAT, a malware program commonly used by APT36 to target Windows devices.

Both malware programs have “clear similarities in design,” which include usernames, commands, and capabilities shared between the tools.

The malware, like Crimson RAT, relies on phishing scams to target users and their devices.

Trend Micro notes that CapraRAT also shares similarities with, and thus could be a modified version of, the open source RAT called AndroRAT.

Trend Micro says it has been looking at CapraRAT samples “since 2017,” an indication that the Android trojan came into use that year.

Like Crimson RAT, the Android trojan uses subdomains and malicious documents to trick its targets into downloading the malware, which then steals sensitive information.

These scams often take the form of fake government documents, honeytraps, and recent coronavirus-related information.

Once the malicious application has been downloaded, it asks for system permissions just like any other application, but granting these permissions exposes the targeted device to the malicious program.

Once it has obtained the necessary permissions, the malware can access the victim’s phone number and other contact information, unique ID number, location details and call history, and can use the microphone to record audio clips.

It can also launch packages for other applications and even access the device’s camera.
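A defender can triage an app's requested permissions against the capabilities listed above. The following is an added example, not code from the Trend Micro report or this article: it reads a decoded AndroidManifest.xml, and the capability-to-permission mapping, the review threshold, the `_manifest` helper and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities named in the article, mapped to the Android permissions that gate
# them. The mapping is this example's assumption, not taken from the report.
CAPABILITY_PERMISSIONS = {
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "phone number / device ID": {"READ_PHONE_STATE", "READ_PHONE_NUMBERS"},
    "call history": {"READ_CALL_LOG"},
    "contacts": {"READ_CONTACTS"},
    "microphone": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
}
REVIEW_THRESHOLD = 4  # assumed cut-off: this many capability groups => manual review

def requested_permissions(manifest_xml):
    """Return short names of android.permission.* entries in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                names.add(name.rsplit(".", 1)[1])
    return names

def triage(manifest_xml):
    """Map requested permissions to capability groups and decide on review."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed)
    return {"capabilities": hits, "needs_review": len(hits) >= REVIEW_THRESHOLD}

def _manifest(package, perms):
    """Build a constructed sample manifest (hypothetical helper for this demo)."""
    lines = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}<application/></manifest>')

# Constructed samples: a single-purpose app and an app requesting every group.
SAMPLE_SCANNER = _manifest("com.example.scanner", ["CAMERA", "INTERNET"])
SAMPLE_BROAD = _manifest("com.example.docviewer", [
    "INTERNET", "ACCESS_FINE_LOCATION", "READ_PHONE_STATE", "READ_CALL_LOG",
    "READ_CONTACTS", "RECORD_AUDIO", "CAMERA"])

if __name__ == "__main__":
    for sample in (SAMPLE_SCANNER, SAMPLE_BROAD):
        print(triage(sample))
```

A broad permission set is a prompt for manual review, not proof of malice; legitimate communication apps request many of the same permissions.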

The Trend Micro report states that the RAT also has a “persistent approach” that keeps the malicious application running at all times.

“It checks that the service is still running every minute, and if it isn’t, the service will be re-launched,” the report said.

The online security company shares some common tips to avoid becoming a victim of CapraRAT attacks.

It recommends that users avoid emails and links from anonymous sources, download applications only from trusted sources and grant permissions only to those applications, and use “multimedia security solutions” that can protect against a variety of online threats.
