19 matches found

HackRead
added 2025/07/08 9:10 a.m., 5 views

Pakistan’s Transparent Tribe Hits Indian Defence with Linux Malware

Pakistan’s APT36 (Transparent Tribe) uses phishing and Linux malware to target Indian defence systems running BOSS Linux, says Cyfirma...

AI score: 7.3
Exploits: 0

The Hacker News
added 2024/05/27 6:31 a.m., 13 views

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to...

AI score: 7.6
Exploits: 0

The Hacker News
added 2023/09/19 6:56 a.m., 27 views

Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker...

AI score: 6.8
Exploits: 0

The Hacker News
added 2023/04/19 11:28 a.m., 32 views

Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies

The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe,...

AI score: 6.6
Exploits: 0

Hive Pro Threat Advisories
added 2023/04/18 9:7 a.m., 14 views

APT36 targets Indian educational institutions with Crimson RAT

Summary: APT36 is targeting educational institutions and students in the Indian subcontinent by distributing malicious documents to stage the Crimson RAT.

AI score: 6.7
Exploits: 0

The Hacker News
added 2023/04/13 10:19 a.m., 20 views

Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions

The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in intrusions directed against the Indian education sector to deploy a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to targ...

AI score: 7
Exploits: 0

The Hacker News
added 2023/03/07 11:39 a.m., 44 views

Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps

A suspected Pakistan-aligned advanced persistent threat (APT) group known as Transparent Tribe has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT. "Transparent Tribe distributed the Android CapraRAT backdoor via...

AI score: 2.2
Exploits: 0

The Hacker News
added 2022/11/04 1:43 p.m., 80 views

Researchers Detail New Malware Campaign Targeting Indian Government Employees

The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions ...

AI score: 0.2
Exploits: 0

The Hacker News
added 2022/07/14 9:15 a.m., 55 views

Pakistani Hackers Targeting Indian Students in Latest Malware Campaign

The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network ...

AI score: 2.1
Exploits: 0

The Hacker News
added 2022/02/07 1:34 p.m., 29 views

New CapraRAT Android Malware Targets Indian Government and Military Personnel

A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high...

AI score: 1.1
Exploits: 0

Trend Micro Simply Security
added 2022/01/24 12:0 a.m., 27 views

Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal

We investigated the most recent activities of APT36, also known as Earth Karkaddan, a politically motivated advanced persistent threat (APT) group, and discuss its use of CapraRAT, an Android RAT with clear similarities in design to the group’s favored Windows malware, Crimson RAT...

AI score: 3.8
Exploits: 0

Talos Blog
added 2021/09/23 10:45 a.m., 23 views

Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs

By Asheer Malhotra, Vanja Svajcer and Justin Thattil. Cisco Talos is tracking a campaign targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). This campaign distributes malicious documents and archives to deliver the Netwire...

AI score: 2.9
Exploits: 0

Talos Blog
added 2021/07/07 5:10 a.m., 50 views

InSideCopy: How this APT continues to evolve its arsenal

By Asheer Malhotra and Justin Thattil. Cisco Talos is tracking an increase in SideCopy's activities targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). SideCopy is an APT group that mimics the Sidewinder APT's infection... Thi...

AI score: 4.7
Exploits: 0

The Hacker News
added 2021/05/14 12:4 p.m., 34 views

Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal

Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known ...

AI score: 0.3
Exploits: 0

Talos Blog
added 2021/05/13 5:9 a.m., 36 views

Transparent Tribe APT expands its Windows malware arsenal

By Asheer Malhotra, Justin Thattil and Kendall McKay. Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations. Cisco Talos' previous research has mainly linked this...

AI score: 2.7
Exploits: 0

Malwarebytes
added 2020/03/23 4:44 p.m., 34 views

A week in security (March 16 – 22)

Last week on Malwarebytes Labs, we concluded our series on child identity theft. We also looked into threat actors and campaigns that ride the COVID-19 train, namely the criminal group APT36 and threat actors purporting to be the World Health Organization (WHO) but instead spreading malware. Lastly...

AI score: 1.3
Exploits: 0

ThreatPost
added 2020/03/17 3:7 p.m., 711 views

APT36 Taps Coronavirus as 'Golden Opportunity' to Spread Crimson RAT

A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting...

CVSS: 9.3, EPSS: 0.94302
Exploits: 29, References: 12

ThreatPost
added 2020/03/17 3:7 p.m., 153 views

APT36 Taps Coronavirus as 'Golden Opportunity' to Spread Crimson RAT

A Pakistani-linked threat actor, APT36, has been using a decoy health advisory that taps into global panic around the coronavirus pandemic to spread the Crimson RAT. The functionalities of the Crimson RAT include stealing credentials from victims’ browsers, capturing screenshots, collecting...

CVSS: 9.3, EPSS: 0.94302
Exploits: 29, References: 12

Malwarebytes
added 2020/03/16 3:0 p.m., 1220 views

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while...

CVSS: 9.3, AI score: 8.7, EPSS: 0.94302
Exploits: 29