Transparent Tribe's current espionage run.
the cyberwire logoMar 7, 2023

Romance scams used to deliver malware.

Transparent Tribe's current espionage run.

ESET says the suspected Pakistan-based threat actor Transparent Tribe appears to be targeting Indian and Pakistani military and government officials with romance scams.

Trojanized apps install CapraRAT.

The victims are convinced to download compromised versions of secure messaging apps to their Android phones. These apps will install the CapraRAT backdoor, which is designed to exfiltrate information: “The backdoor is capable of taking screenshots and photos, recording phone calls and surrounding audio, and exfiltrating any other sensitive information. The backdoor can also receive commands to download files, make calls, and send SMS messages. The campaign is narrowly targeted, and nothing suggests these apps were ever available on Google Play.”

Attackers compromise more than 150 targets.

ESET believes the attackers begin by contacting their victims via an email address or phone number and then luring them into a romance scam—a tactic Transparent Tribe has used in the past. After the victims have downloaded the Trojanized messaging app, the attackers continue communications with them over the messaging app while stealing information in the background. The malicious apps used poor operational security, and the researchers were able to locate over 150 victims in India, Pakistan, Russia, Oman, and Egypt.