'Transparent Tribe' APT Group Deploys New Android Spyware for Cyber Espionage

The group, which has been around since at least 2013, has impacted thousands of organizations, mostly in India.

Transparent Tribe, an advanced persistent threat (APT) group that has been active since at least 2013, has begun deploying a new mobile malware tool in its cyber espionage campaigns.


Researchers from Kaspersky this week reported observing the group actively targeting Android users in India with spyware disguised as a couple of popular apps.


Once installed on a system, the malware has been observed downloading new apps and accessing SMS messages, call logs, and the device's microphone. Transparent Tribe's new Android spyware tool also tracks an infected device's location and enumerates and uploads files from it to a remote attacker-controlled server, Kaspersky said in a report Wednesday.


Giampaolo Dedola, senior security researcher at Kaspersky’s Global Research and Analysis Team, says available data suggests the attackers are hosting the Android package files on specific websites and luring users to those locations via social engineering.


According to Kaspersky, one of the two Android applications that Transparent Tribe is using to distribute the spyware is an open source video player that, when installed, serves up an adult video as a distraction while installing additional malware in the background. The second app masquerades as "Aarogya Setu," a COVID-19 tracking app developed by the Indian government's National Informatics Center.


Both apps try to install another Android package file on the compromised system. The package is a modified version of AhMyth, an open source Android remote access tool (RAT) that is freely available for download on GitHub. According to Kaspersky, the modified version lacks some features available on the original, such as the ability to steal pi ..
