APT group targeting military in India, Pakistan through malicious Android messaging apps

A group of suspected government-backed hackers is targeting Indian and Pakistani citizens through malicious Android messaging apps in a campaign designed to steal sensitive information.

Researchers from cybersecurity firm ESET said the attacks – run by an APT group they call “Transparent Tribe” – involved purportedly secure messaging and calling apps that contained a backdoor called CapraRAT. The backdoor allowed the hackers to exfiltrate sensitive information from victim devices.

The campaign, which began last July and is still active, targeted people with a military or political background. The hackers used “honey-trap baits” to lure their targets into downloading the apps, which were called MeetsApp and MeetUp.

ESET researchers believe victims were initially directed to the websites through romance scams in which targets were urged to move to allegedly more secure platforms that the hackers controlled.

“Finding a mobile number or an email address they can use to make first contact is usually not difficult,” explained ESET researcher Lukáš Štefanko, who discovered the campaign while analyzing a different malware sample posted on Twitter.